diff --git a/.github/workflows/qhelp-pr-preview.yml b/.github/workflows/qhelp-pr-preview.yml index 8aba0a0c5e3..a44ef5ad48d 100644 --- a/.github/workflows/qhelp-pr-preview.yml +++ b/.github/workflows/qhelp-pr-preview.yml @@ -27,7 +27,7 @@ on: - main - "rc/*" paths: - - "ruby/**/*.qhelp" + - "**/*.qhelp" jobs: qhelp: @@ -52,7 +52,7 @@ jobs: id: changes run: | (git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.qhelp$' | grep -z -v '.inc.qhelp'; - git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.inc.qhelp$' | xargs --null -rn1 basename | xargs --null -rn1 git grep -z -l) | + git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.inc.qhelp$' | xargs --null -rn1 basename -z | xargs --null -rn1 git grep -z -l) | grep -z '.qhelp$' | grep -z -v '^-' | sort -z -u > "${RUNNER_TEMP}/paths.txt" - name: QHelp preview diff --git a/.github/workflows/swift-autobuilder.yml b/.github/workflows/swift-autobuilder.yml new file mode 100644 index 00000000000..d3afa9f476b --- /dev/null +++ b/.github/workflows/swift-autobuilder.yml @@ -0,0 +1,25 @@ +name: "Swift: Build and test Xcode autobuilder" + +on: + pull_request: + paths: + - "swift/xcode-autobuilder/**" + - "misc/bazel/**" + - "*.bazel*" + - .github/workflows/swift-autobuilder.yml + branches: + - main + +jobs: + autobuilder: + runs-on: macos-latest + steps: + - uses: actions/checkout@v3 + - uses: bazelbuild/setup-bazelisk@v2 + - uses: actions/setup-python@v3 + - name: Build the Xcode autobuilder + run: | + bazel build //swift/xcode-autobuilder + - name: Test the Xcode autobuilder + run: | + bazel test //swift/xcode-autobuilder/tests diff --git a/config/identical-files.json b/config/identical-files.json index de7b75c5d48..832fac7741c 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -33,8 +33,9 @@ "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll", - "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForLibraries.qll", + "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll", + "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll", "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll" ], "DataFlow Java/C++/C#/Python Common": [ @@ -69,7 +70,6 @@ "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll", "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll", - "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforlibraries/TaintTrackingImpl.qll", "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll" ], "DataFlow Java/C++/C#/Python Consistency checks": [ diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index f1dfa53f9ba..5ccbbd8592c 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.1 + +No user-facing changes. + ## 0.4.0 ### Deprecated APIs diff --git a/cpp/ql/lib/change-notes/released/0.4.1.md b/cpp/ql/lib/change-notes/released/0.4.1.md new file mode 100644 index 00000000000..0d865d0571e --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.4.1.md @@ -0,0 +1,3 @@ +## 0.4.1 + +No user-facing changes. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index 662db9e9721..6b74d61feea 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -133,6 +133,18 @@ module ProductFlow { this.isAdditionalFlowStep2(node1, node2) } + /** + * Holds if data flow into `node` is prohibited in the first projection of the product + * dataflow graph. + */ + predicate isBarrierIn1(DataFlow::Node node) { none() } + + /** + * Holds if data flow into `node` is prohibited in the second projection of the product + * dataflow graph. + */ + predicate isBarrierIn2(DataFlow::Node node) { none() } + predicate hasFlowPath( DataFlow::PathNode source1, DataFlow2::PathNode source2, DataFlow::PathNode sink1, DataFlow2::PathNode sink2 @@ -169,6 +181,10 @@ module ProductFlow { ) { exists(Configuration conf | conf.isAdditionalFlowStep1(node1, state1, node2, state2)) } + + override predicate isBarrierIn(DataFlow::Node node) { + exists(Configuration conf | conf.isBarrierIn1(node)) + } } class Conf2 extends DataFlow2::Configuration { @@ -202,9 +218,14 @@ module ProductFlow { ) { exists(Configuration conf | conf.isAdditionalFlowStep2(node1, state1, node2, state2)) } + + override predicate isBarrierIn(DataFlow::Node node) { + exists(Configuration conf | conf.isBarrierIn2(node)) + } } } + pragma[nomagic] private predicate reachableInterprocEntry( Configuration conf, DataFlow::PathNode source1, DataFlow2::PathNode source2, DataFlow::PathNode node1, DataFlow2::PathNode node2 diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index d6b2d455dd2..69e08a9a5d2 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -137,7 +137,7 @@ private newtype TReturnKind = exists(IndirectReturnNode return, ReturnIndirectionInstruction returnInd | returnInd.hasIndex(argumentIndex) and return.getAddressOperand() = returnInd.getSourceAddressOperand() and - indirectionIndex = return.getIndirectionIndex() - 1 // We subtract one because the return loads the value. + indirectionIndex = return.getIndirectionIndex() ) } @@ -197,7 +197,7 @@ class ReturnIndirectionNode extends IndirectReturnNode, ReturnNode { exists(int argumentIndex, ReturnIndirectionInstruction returnInd | returnInd.hasIndex(argumentIndex) and this.getAddressOperand() = returnInd.getSourceAddressOperand() and - result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex() - 1) and + result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex()) and hasNonInitializeParameterDef(returnInd.getIRVariable()) ) or @@ -241,7 +241,7 @@ private Instruction getANonConversionUse(Operand operand) { /** * Gets the operand that represents the first use of the value of `call` following - * a sequnce of conversion-like instructions. + * a sequence of conversion-like instructions. */ predicate operandForfullyConvertedCall(Operand operand, CallInstruction call) { exists(getANonConversionUse(operand)) and @@ -254,7 +254,7 @@ predicate operandForfullyConvertedCall(Operand operand, CallInstruction call) { /** * Gets the instruction that represents the first use of the value of `call` following - * a sequnce of conversion-like instructions. + * a sequence of conversion-like instructions. * * This predicate only holds if there is no suitable operand (i.e., no operand of a non- * conversion instruction) to use to represent the value of `call` after conversions. @@ -365,7 +365,7 @@ predicate jumpStep(Node n1, Node n2) { predicate storeStep(Node node1, Content c, PostFieldUpdateNode node2) { exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store | nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and - node2.getIndirectionIndex() = 0 and + node2.getIndirectionIndex() = 1 and numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(), numberOfLoads) | @@ -465,20 +465,20 @@ predicate clearsContent(Node n, Content c) { predicate expectsContent(Node n, ContentSet c) { none() } /** Gets the type of `n` used for type pruning. */ -IRType getNodeType(Node n) { +DataFlowType getNodeType(Node n) { suppressUnusedNode(n) and - result instanceof IRVoidType // stub implementation + result instanceof VoidType // stub implementation } /** Gets a string representation of a type returned by `getNodeType`. */ -string ppReprType(IRType t) { none() } // stub implementation +string ppReprType(DataFlowType t) { none() } // stub implementation /** * Holds if `t1` and `t2` are compatible, that is, whether data can flow from * a node of type `t1` to a node of type `t2`. */ pragma[inline] -predicate compatibleTypes(IRType t1, IRType t2) { +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { any() // stub implementation } @@ -502,7 +502,7 @@ class DataFlowCallable = Cpp::Declaration; class DataFlowExpr = Expr; -class DataFlowType = IRType; +class DataFlowType = Type; /** A function call relevant for data flow. */ class DataFlowCall extends CallInstruction { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 08d5f270e5a..dc462fecc94 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -38,13 +38,12 @@ private module Cached { TVariableNode(Variable var) or TPostFieldUpdateNode(FieldAddress operand, int indirectionIndex) { indirectionIndex = - [0 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType()) - - 1] + [1 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType())] } or TSsaPhiNode(Ssa::PhiNode phi) or TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) { Ssa::isModifiableByCall(operand) and - indirectionIndex = [0 .. Ssa::countIndirectionsForCppType(operand.getLanguageType()) - 1] + indirectionIndex = [1 .. Ssa::countIndirectionsForCppType(operand.getLanguageType())] } or TIndirectOperand(Operand op, int indirectionIndex) { Ssa::hasIndirectOperand(op, indirectionIndex) @@ -113,7 +112,7 @@ class Node extends TIRDataFlowNode { Declaration getFunction() { none() } // overridden in subclasses /** Gets the type of this node. */ - IRType getType() { none() } // overridden in subclasses + DataFlowType getType() { none() } // overridden in subclasses /** Gets the instruction corresponding to this node, if any. */ Instruction asInstruction() { result = this.(InstructionNode).getInstruction() } @@ -230,7 +229,13 @@ class Node extends TIRDataFlowNode { Expr asIndirectArgument() { result = this.asIndirectArgument(_) } /** Gets the positional parameter corresponding to this node, if any. */ - Parameter asParameter() { result = asParameter(0) } + Parameter asParameter() { result = this.asParameter(0) } + + /** + * Gets the uninitialized local variable corresponding to this node, if + * any. + */ + LocalVariable asUninitialized() { result = this.(UninitializedNode).getLocalVariable() } /** * Gets the positional parameter corresponding to the node that represents @@ -273,7 +278,7 @@ class Node extends TIRDataFlowNode { /** * Gets an upper bound on the type of this node. */ - IRType getTypeBound() { result = this.getType() } + DataFlowType getTypeBound() { result = this.getType() } /** Gets the location of this element. */ cached @@ -322,7 +327,7 @@ class InstructionNode extends Node, TInstructionNode { override Declaration getFunction() { result = instr.getEnclosingFunction() } - override IRType getType() { result = instr.getResultIRType() } + override DataFlowType getType() { result = instr.getResultType() } final override Location getLocationImpl() { result = instr.getLocation() } @@ -348,13 +353,32 @@ class OperandNode extends Node, TOperandNode { override Declaration getFunction() { result = op.getUse().getEnclosingFunction() } - override IRType getType() { result = op.getIRType() } + override DataFlowType getType() { result = op.getType() } final override Location getLocationImpl() { result = op.getLocation() } override string toStringImpl() { result = this.getOperand().toString() } } +/** + * Returns `t`, but stripped of the `n` outermost pointers, references, etc. + * + * For example, `stripPointers(int*&, 2)` is `int` and `stripPointers(int*, 0)` is `int*`. + */ +private Type stripPointers(Type t, int n) { + result = t and n = 0 + or + result = stripPointers(t.(PointerType).getBaseType(), n - 1) + or + result = stripPointers(t.(ArrayType).getBaseType(), n - 1) + or + result = stripPointers(t.(ReferenceType).getBaseType(), n - 1) + or + result = stripPointers(t.(PointerToMemberType).getBaseType(), n - 1) + or + result = stripPointers(t.(FunctionPointerIshType).getBaseType(), n - 1) +} + /** * INTERNAL: do not use. * @@ -370,8 +394,6 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = fieldAddress.getIRType() } - FieldAddress getFieldAddress() { result = fieldAddress } Field getUpdatedField() { result = fieldAddress.getField() } @@ -379,10 +401,8 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode { int getIndirectionIndex() { result = indirectionIndex } override Node getPreUpdateNode() { - // + 1 because we're storing into an lvalue, and the original node should be the rvalue of - // the same address. hasOperandAndIndex(result, pragma[only_bind_into](fieldAddress).getObjectAddressOperand(), - indirectionIndex + 1) + indirectionIndex) } override Expr getDefinedExpr() { @@ -411,7 +431,7 @@ class SsaPhiNode extends Node, TSsaPhiNode { override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } + override DataFlowType getType() { result = this.getAnInput().getType() } final override Location getLocationImpl() { result = phi.getBasicBlock().getLocation() } @@ -454,8 +474,6 @@ class SideEffectOperandNode extends Node, IndirectOperand { override Function getFunction() { result = call.getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - Expr getArgument() { result = call.getArgument(argumentIndex).getUnconvertedResultExpression() } } @@ -478,8 +496,6 @@ class IndirectParameterNode extends Node, IndirectInstruction { override Function getFunction() { result = this.getInstruction().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - override string toStringImpl() { result = this.getParameter().toString() + " indirection" or @@ -504,8 +520,6 @@ class IndirectReturnNode extends IndirectOperand { Operand getAddressOperand() { result = operand } override Declaration getEnclosingCallable() { result = this.getFunction() } - - override IRType getType() { result instanceof IRVoidType } } /** @@ -536,9 +550,7 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PostUpdate override Function getFunction() { result = this.getCallInstruction().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - - override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex + 1) } + override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) } override string toStringImpl() { // This string should be unique enough to be helpful but common enough to @@ -594,6 +606,38 @@ class IndirectReturnOutNode extends Node { int getIndirectionIndex() { result = indirectionIndex } } +private PointerType getGLValueType(Type t, int indirectionIndex) { + result.getBaseType() = stripPointers(t, indirectionIndex - 1) +} + +bindingset[isGLValue] +private DataFlowType getTypeImpl(Type t, int indirectionIndex, boolean isGLValue) { + if isGLValue = true + then + result = getGLValueType(t, indirectionIndex) + or + // Ideally, the above case would cover all glvalue cases. However, consider the case where + // the database consists only of: + // ``` + // void test() { + // int* x; + // x = nullptr; + // } + // ``` + // and we want to compute the type of `*x` in the assignment `x = nullptr`. Here, `x` is an lvalue + // of type int* (which morally is an int**). So when we call `getTypeImpl` it will be with the + // parameters: + // - t = int* + // - indirectionIndex = 1 (when we want to model the dataflow node corresponding to *x) + // - isGLValue = true + // In this case, `getTypeImpl(t, indirectionIndex, isGLValue)` should give back `int**`. In this + // case, however, `int**` does not exist in the database. So instead we return int* (which is + // wrong, but at least we have a type). + not exists(getGLValueType(t, indirectionIndex)) and + result = stripPointers(t, indirectionIndex - 1) + else result = stripPointers(t, indirectionIndex) +} + /** * INTERNAL: Do not use. * @@ -615,7 +659,11 @@ class IndirectOperand extends Node, TIndirectOperand { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = this.getOperand().getIRType() } + override DataFlowType getType() { + exists(boolean isGLValue | if operand.isGLValue() then isGLValue = true else isGLValue = false | + result = getTypeImpl(operand.getType().getUnspecifiedType(), indirectionIndex, isGLValue) + ) + } final override Location getLocationImpl() { result = this.getOperand().getLocation() } @@ -624,6 +672,25 @@ class IndirectOperand extends Node, TIndirectOperand { } } +/** + * The value of an uninitialized local variable, viewed as a node in a data + * flow graph. + */ +class UninitializedNode extends Node { + LocalVariable v; + + UninitializedNode() { + exists(Ssa::Def def | + def.getDefiningInstruction() instanceof UninitializedInstruction and + Ssa::nodeToDefOrUse(this, def) and + v = def.getSourceVariable().getBaseVariable().(Ssa::BaseIRVariable).getIRVariable().getAst() + ) + } + + /** Gets the uninitialized local variable corresponding to this node. */ + LocalVariable getLocalVariable() { result = v } +} + /** * INTERNAL: Do not use. * @@ -645,7 +712,11 @@ class IndirectInstruction extends Node, TIndirectInstruction { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = this.getInstruction().getResultIRType() } + override DataFlowType getType() { + exists(boolean isGLValue | if instr.isGLValue() then isGLValue = true else isGLValue = false | + result = getTypeImpl(instr.getResultType().getUnspecifiedType(), indirectionIndex, isGLValue) + ) + } final override Location getLocationImpl() { result = this.getInstruction().getLocation() } @@ -675,7 +746,7 @@ predicate exprNodeShouldBeOperand(Node node, Expr e) { /** * Holds if `load` is a `LoadInstruction` that is the result of evaluating `e` - * and `node` is an `IndirctOperandNode` that should map `node.asExpr()` to `e`. + * and `node` is an `IndirectOperandNode` that should map `node.asExpr()` to `e`. * * We map `e` to `node.asExpr()` when `node` semantically represents the * same value as `load`. A subsequent flow step will flow `node` to @@ -859,6 +930,8 @@ abstract class PostUpdateNode extends Node { * Gets the node before the state update. */ abstract Node getPreUpdateNode(); + + final override DataFlowType getType() { result = this.getPreUpdateNode().getType() } } /** @@ -922,7 +995,7 @@ class VariableNode extends Node, TVariableNode { result = v } - override IRType getType() { result.getCanonicalLanguageType().hasUnspecifiedType(v.getType(), _) } + override DataFlowType getType() { result = v.getType() } final override Location getLocationImpl() { result = v.getLocation() } @@ -1075,7 +1148,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { store.getDestinationAddressOperand() = address ) or - Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex - 1) + Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex) ) } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll index c302c6ef878..27edf7ce02c 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll @@ -41,7 +41,7 @@ Node callOutput(CallInstruction call, FunctionOutput output) { // The side effect of a call on the value pointed to by an argument or qualifier exists(int index, int indirectionIndex | result.(IndirectArgumentOutNode).getArgumentIndex() = index and - result.(IndirectArgumentOutNode).getIndirectionIndex() + 1 = indirectionIndex and + result.(IndirectArgumentOutNode).getIndirectionIndex() = indirectionIndex and result.(IndirectArgumentOutNode).getCallInstruction() = call and output.isParameterDerefOrQualifierObject(index, indirectionIndex) ) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index 7359656e5a4..a14b2b00651 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -100,7 +100,7 @@ private string getNodeProperty(DataFlow::Node node, string key) { or // Is there partial flow from a source to this node? // This property will only be emitted if partial flow is enabled by overriding - // `DataFlow::Configration::explorationLimit()`. + // `DataFlow::Configuration::explorationLimit()`. key = "pflow" and result = strictconcat(DataFlow::PartialPathNode sourceNode, DataFlow::PartialPathNode destNode, int dist, diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll index 36ab036c4e5..2e0a20fcfdc 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll @@ -11,7 +11,9 @@ private import DataFlowUtil * corresponding `(Indirect)OperandNode`. */ predicate ignoreOperand(Operand operand) { - operand = any(Instruction instr | ignoreInstruction(instr)).getAnOperand() + operand = any(Instruction instr | ignoreInstruction(instr)).getAnOperand() or + operand = any(Instruction instr | ignoreInstruction(instr)).getAUse() or + operand instanceof MemoryOperand } /** diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll index 3a89f1d170f..06c4a7f751c 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll @@ -36,7 +36,7 @@ private module SourceVariables { override string toString() { result = var.toString() } - override DataFlowType getType() { result = var.getIRType() } + override DataFlowType getType() { result = var.getType() } } class BaseCallVariable extends BaseSourceVariable, TBaseCallVariable { @@ -48,7 +48,7 @@ private module SourceVariables { override string toString() { result = call.toString() } - override DataFlowType getType() { result = call.getResultIRType() } + override DataFlowType getType() { result = call.getResultType() } } private newtype TSourceVariable = diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll index 10944b55fbc..27c3083fecc 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll @@ -71,7 +71,7 @@ abstract class CustomSignDef extends SignDef { * Concrete implementations extend one of the following subclasses: * - `ConstantSignExpr`, for expressions with a compile-time constant value. * - `FlowSignExpr`, for expressions whose sign can be computed from the signs of their operands. - * - `CustomsignExpr`, for expressions shose sign can be computed by a language-specific + * - `CustomsignExpr`, for expressions whose sign can be computed by a language-specific * implementation. * * If the same expression matches more than one of the above subclasses, the sign is computed as diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll index e44281af85b..0f482790d4d 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll @@ -11,7 +11,7 @@ private import experimental.semmle.code.cpp.semantic.Semantic predicate ignoreTypeRestrictions(SemExpr e) { none() } /** - * Workaround to track the sign of cetain expressions even if the type of the expression is not + * Workaround to track the sign of certain expressions even if the type of the expression is not * numeric. */ predicate trackUnknownNonNumericExpr(SemExpr e) { none() } diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index cb70ba272d3..fade2cc7c96 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.4.1-dev +version: 0.4.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/Linkage.qll b/cpp/ql/lib/semmle/code/cpp/Linkage.qll index 766ddd188c1..e604ce06dee 100644 --- a/cpp/ql/lib/semmle/code/cpp/Linkage.qll +++ b/cpp/ql/lib/semmle/code/cpp/Linkage.qll @@ -1,5 +1,5 @@ /** - * Proivdes the `LinkTarget` class representing linker invocations during the build process. + * Provides the `LinkTarget` class representing linker invocations during the build process. */ import semmle.code.cpp.Class diff --git a/cpp/ql/lib/semmle/code/cpp/Variable.qll b/cpp/ql/lib/semmle/code/cpp/Variable.qll index b0e0647d24b..c82f3689c85 100644 --- a/cpp/ql/lib/semmle/code/cpp/Variable.qll +++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll @@ -144,7 +144,7 @@ class Variable extends Declaration, @variable { * `Variable.getInitializer()` to get the variable's initializer, * or use `Variable.getAnAssignedValue()` to get an expression that * is the right-hand side of an assignment or an initialization of - * the varible. + * the variable. */ Assignment getAnAssignment() { result.getLValue() = this.getAnAccess() } @@ -173,7 +173,7 @@ class Variable extends Declaration, @variable { } /** - * Holds if this variable is declated as part of a structured binding + * Holds if this variable is declared as part of a structured binding * declaration. For example, `x` in `auto [x, y] = ...`. */ predicate isStructuredBinding() { is_structured_binding(underlyingElement(this)) } diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll index b093a73e429..32872eea915 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll @@ -76,7 +76,7 @@ class TypeBoundsAnalysis extends BufferWriteEstimationReason, TTypeBoundsAnalysi /** * The estimation comes from non trivial bounds found via actual flow analysis, - * but a widening aproximation might have been used for variables in loops. + * but a widening approximation might have been used for variables in loops. * For example * ``` * for (int i = 0; i < 10; ++i) { @@ -141,7 +141,7 @@ class AttributeFormattingFunction extends FormattingFunction { * - `""` is a `vprintf` variant, `outputParamIndex` is `-1`. * - `"f"` is a `vfprintf` variant, `outputParamIndex` indicates the output stream parameter. * - `"s"` is a `vsprintf` variant, `outputParamIndex` indicates the output buffer parameter. - * - `"?"` if the type cannot be deteremined. `outputParamIndex` is `-1`. + * - `"?"` if the type cannot be determined. `outputParamIndex` is `-1`. */ predicate primitiveVariadicFormatter( TopLevelFunction f, string type, int formatParamIndex, int outputParamIndex @@ -198,7 +198,7 @@ private predicate callsVariadicFormatter( * - `""` is a `vprintf` variant, `outputParamIndex` is `-1`. * - `"f"` is a `vfprintf` variant, `outputParamIndex` indicates the output stream parameter. * - `"s"` is a `vsprintf` variant, `outputParamIndex` indicates the output buffer parameter. - * - `"?"` if the type cannot be deteremined. `outputParamIndex` is `-1`. + * - `"?"` if the type cannot be determined. `outputParamIndex` is `-1`. */ predicate variadicFormatter(Function f, string type, int formatParamIndex, int outputParamIndex) { primitiveVariadicFormatter(f, type, formatParamIndex, outputParamIndex) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll index ebea83e47e5..53f7c71a7d3 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll @@ -12,7 +12,7 @@ private import internal.ConstantExprs * relation). The refinement manifests itself in two changes: * * - The successor relation on `BasicBlock`s uses `successors_adapted` - * (instead of `successors_extended` used by `PrimtiveBasicBlock`s). Consequently, + * (instead of `successors_extended` used by `PrimitiveBasicBlock`s). Consequently, * some edges between `BasicBlock`s may be removed. Example: * ``` * x = 1; // s1 diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll index 373ab8b79e2..3af5f2dbf0c 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll @@ -149,7 +149,7 @@ private predicate bbLoopEntryConditionAlwaysTrueAt(BasicBlock bb, int i, Control /** * Basic block `pred` contains all or part of the condition belonging to a loop, * and there is an edge from `pred` to `succ` that concludes the condition. - * If the edge corrseponds with the loop condition being found to be `true`, then + * If the edge corresponds with the loop condition being found to be `true`, then * `skipsLoop` is `false`. Otherwise the edge corresponds with the loop condition * being found to be `false` and `skipsLoop` is `true`. Non-concluding edges * within a complex loop condition are not matched by this predicate. diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll b/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll index f5ead5b6f5f..fa6589f7e27 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll @@ -1137,7 +1137,7 @@ class BuiltInOperationIsArray extends BuiltInOperation, @isarray { * A C++ `__array_rank` built-in operation (used by some implementations of the * `` header). * - * If known, returns the number of dimentsions of an arrary type. + * If known, returns the number of dimensions of an arrary type. * ``` * template * struct rank diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll index dba3d16997f..332cda770bb 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll @@ -494,7 +494,7 @@ class VacuousDestructorCall extends Expr, @vacuous_destructor_call { * An initialization of a base class or member variable performed as part * of a constructor's explicit initializer list or implicit actions. * - * This is a QL root class for reprenting various types of constructor + * This is a QL root class for representing various types of constructor * initializations. */ class ConstructorInit extends Expr, @ctorinit { diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll index 3cb8946c198..e3ce623d217 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll @@ -779,7 +779,7 @@ class AlignofExprOperator extends AlignofOperator { /** * A C++11 `alignof` expression whose operand is a type name. * ``` - * bool proper_alignment = (alingof(T) == alignof(T[0]); + * bool proper_alignment = (alignof(T) == alignof(T[0]); * ``` */ class AlignofTypeOperator extends AlignofOperator { diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll index 68973293425..9261cc4a13f 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll @@ -451,7 +451,7 @@ class Expr extends StmtParent, @expr { // For performance, we avoid a full transitive closure over `getConversion`. // Since there can be several implicit conversions before and after an // explicit conversion, use `getImplicitlyConverted` to step over them - // cheaply. Then, if there is an explicit conversion following the implict + // cheaply. Then, if there is an explicit conversion following the implicit // conversion sequence, recurse to handle multiple explicit conversions. if this.getImplicitlyConverted().hasExplicitConversion() then result = this.getImplicitlyConverted().getConversion().getExplicitlyConverted() diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index 7359656e5a4..a14b2b00651 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -100,7 +100,7 @@ private string getNodeProperty(DataFlow::Node node, string key) { or // Is there partial flow from a source to this node? // This property will only be emitted if partial flow is enabled by overriding - // `DataFlow::Configration::explorationLimit()`. + // `DataFlow::Configuration::explorationLimit()`. key = "pflow" and result = strictconcat(DataFlow::PartialPathNode sourceNode, DataFlow::PartialPathNode destNode, int dist, diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll index bc69754fe32..607b88fa58d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll @@ -172,7 +172,7 @@ deprecated module UnaliasedSSAOperands = UnaliasedSsaOperands; /** * Provides wrappers for the constructors of each branch of `TOperand` that is used by the - * asliased SSA stage. + * aliased SSA stage. * These wrappers are not parameterized because it is not possible to invoke an IPA constructor via * a class alias. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll index f8960cd205d..7d015654056 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll @@ -542,7 +542,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect, * The IR translation of an argument side effect for `*this` on a call, where there is no `Expr` * object that represents the `this` argument. * - * The applies only to constructor calls, as the AST has explioit qualifier `Expr`s for all other + * The applies only to constructor calls, as the AST has exploit qualifier `Expr`s for all other * calls to non-static member functions. */ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect, diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll index 56da47325ee..df5a974c45b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll @@ -2177,7 +2177,7 @@ abstract class TranslatedConditionalExpr extends TranslatedNonConstantExpr { /** * The IR translation of the ternary conditional operator (`a ? b : c`). * For this version, we expand the condition as a `TranslatedCondition`, rather than a - * `TranslatedExpr`, to simplify the control flow in the presence of short-ciruit logical operators. + * `TranslatedExpr`, to simplify the control flow in the presence of short-circuit logical operators. */ class TranslatedTernaryConditionalExpr extends TranslatedConditionalExpr, ConditionContext { TranslatedTernaryConditionalExpr() { not expr.isTwoOperand() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll index 1415cdc9c5b..bfd850384ac 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll @@ -12,7 +12,7 @@ private Type getDecayedType(Type type) { } /** - * Holds if the sepcified variable is a structured binding with a non-reference + * Holds if the specified variable is a structured binding with a non-reference * type. */ predicate isNonReferenceStructuredBinding(Variable v) { diff --git a/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll b/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll index b3838ce4a5a..d9d7d286938 100644 --- a/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll +++ b/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll @@ -209,7 +209,7 @@ private predicate aClassFile(Class c, File file) { c.getDefinitionLocation().get pragma[noopt] private predicate dependsOnFileSimple(MetricFile source, MetricFile dest) { - // class derives from classs + // class derives from another class exists(Class fromClass, Class toClass | aClassFile(fromClass, source) and fromClass.derivesFrom(toClass) and diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll index 325f6a6470b..028ab1a0370 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll @@ -205,57 +205,149 @@ private predicate deconstructSizeExpr(Expr sizeExpr, Expr lengthExpr, int sizeof sizeof = 1 } +/** A `Function` that is a call target of an allocation. */ +private signature class CallAllocationExprTarget extends Function; + /** - * An allocation expression that is a function call, such as call to `malloc`. + * This module abstracts over the type of allocation call-targets and provides a + * class `CallAllocationExprImpl` which contains the implementation of the various + * predicates required by the `Allocation` class. + * + * This module is then instantiated for two types of allocation call-targets: + * - `AllocationFunction`: Functions that we've explicitly modeled as functions that + * perform allocations (i.e., `malloc`). + * - `HeuristicAllocationFunction`: Functions that we deduce as behaving like an allocation + * function using various heuristics. */ -private class CallAllocationExpr extends AllocationExpr, FunctionCall { - AllocationFunction target; +private module CallAllocationExprBase { + /** A module that contains the collection of member-predicates required on `Target`. */ + signature module Param { + /** + * Gets the index of the input pointer argument to be reallocated, if + * this is a `realloc` function. + */ + int getReallocPtrArg(Target target); - CallAllocationExpr() { - target = this.getTarget() and - // realloc(ptr, 0) only frees the pointer - not ( - exists(target.getReallocPtrArg()) and - this.getArgument(target.getSizeArg()).getValue().toInt() = 0 - ) and - // these are modeled directly (and more accurately), avoid duplication - not exists(NewOrNewArrayExpr new | new.getAllocatorCall() = this) + /** + * Gets the index of the argument for the allocation size, if any. The actual + * allocation size is the value of this argument multiplied by the result of + * `getSizeMult()`, in bytes. + */ + int getSizeArg(Target target); + + /** + * Gets the index of an argument that multiplies the allocation size given + * by `getSizeArg`, if any. + */ + int getSizeMult(Target target); + + /** + * Holds if this allocation requires a + * corresponding deallocation of some sort (most do, but `alloca` for example + * does not). If it is unclear, we default to no (for example a placement `new` + * allocation may or may not require a corresponding `delete`). + */ + predicate requiresDealloc(Target target); } - override Expr getSizeExpr() { - exists(Expr sizeExpr | sizeExpr = this.getArgument(target.getSizeArg()) | - if exists(target.getSizeMult()) - then result = sizeExpr - else - exists(Expr lengthExpr | - deconstructSizeExpr(sizeExpr, lengthExpr, _) and - result = lengthExpr + /** + * A module that abstracts over a collection of predicates in + * the `Param` module). This should really be member-predicates + * on `CallAllocationExprTarget`, but we cannot yet write this in QL. + */ + module With { + private import P + + /** + * An allocation expression that is a function call, such as call to `malloc`. + */ + class CallAllocationExprImpl instanceof FunctionCall { + Target target; + + CallAllocationExprImpl() { + target = this.getTarget() and + // realloc(ptr, 0) only frees the pointer + not ( + exists(getReallocPtrArg(target)) and + this.getArgument(getSizeArg(target)).getValue().toInt() = 0 + ) and + // these are modeled directly (and more accurately), avoid duplication + not exists(NewOrNewArrayExpr new | new.getAllocatorCall() = this) + } + + string toString() { result = super.toString() } + + Expr getSizeExprImpl() { + exists(Expr sizeExpr | sizeExpr = super.getArgument(getSizeArg(target)) | + if exists(getSizeMult(target)) + then result = sizeExpr + else + exists(Expr lengthExpr | + deconstructSizeExpr(sizeExpr, lengthExpr, _) and + result = lengthExpr + ) ) - ) + } + + int getSizeMultImpl() { + // malloc with multiplier argument that is a constant + result = super.getArgument(getSizeMult(target)).getValue().toInt() + or + // malloc with no multiplier argument + not exists(getSizeMult(target)) and + deconstructSizeExpr(super.getArgument(getSizeArg(target)), _, result) + } + + int getSizeBytesImpl() { + result = this.getSizeExprImpl().getValue().toInt() * this.getSizeMultImpl() + } + + Expr getReallocPtrImpl() { result = super.getArgument(getReallocPtrArg(target)) } + + Type getAllocatedElementTypeImpl() { + result = + super.getFullyConverted().getType().stripTopLevelSpecifiers().(PointerType).getBaseType() and + not result instanceof VoidType + } + + predicate requiresDeallocImpl() { requiresDealloc(target) } + } + } +} + +private module CallAllocationExpr { + private module Param implements CallAllocationExprBase::Param { + int getReallocPtrArg(AllocationFunction f) { result = f.getReallocPtrArg() } + + int getSizeArg(AllocationFunction f) { result = f.getSizeArg() } + + int getSizeMult(AllocationFunction f) { result = f.getSizeMult() } + + predicate requiresDealloc(AllocationFunction f) { f.requiresDealloc() } } - override int getSizeMult() { - // malloc with multiplier argument that is a constant - result = this.getArgument(target.getSizeMult()).getValue().toInt() - or - // malloc with no multiplier argument - not exists(target.getSizeMult()) and - deconstructSizeExpr(this.getArgument(target.getSizeArg()), _, result) + /** + * A class that provides the implementation of `AllocationExpr` for an allocation + * that calls an `AllocationFunction`. + */ + private class Base = + CallAllocationExprBase::With::CallAllocationExprImpl; + + class CallAllocationExpr extends AllocationExpr, Base { + override Expr getSizeExpr() { result = super.getSizeExprImpl() } + + override int getSizeMult() { result = super.getSizeMultImpl() } + + override Type getAllocatedElementType() { result = super.getAllocatedElementTypeImpl() } + + override predicate requiresDealloc() { super.requiresDeallocImpl() } + + override int getSizeBytes() { result = super.getSizeBytesImpl() } + + override Expr getReallocPtr() { result = super.getReallocPtrImpl() } + + override string toString() { result = AllocationExpr.super.toString() } } - - override int getSizeBytes() { - result = this.getSizeExpr().getValue().toInt() * this.getSizeMult() - } - - override Expr getReallocPtr() { result = this.getArgument(target.getReallocPtrArg()) } - - override Type getAllocatedElementType() { - result = - this.getFullyConverted().getType().stripTopLevelSpecifiers().(PointerType).getBaseType() and - not result instanceof VoidType - } - - override predicate requiresDealloc() { target.requiresDealloc() } } /** @@ -294,3 +386,99 @@ private class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr { override predicate requiresDealloc() { not exists(this.getPlacementPointer()) } } + +private module HeuristicAllocation { + /** A class that maps an `AllocationExpr` to an `HeuristicAllocationExpr`. */ + private class HeuristicAllocationModeled extends HeuristicAllocationExpr instanceof AllocationExpr { + override Expr getSizeExpr() { result = AllocationExpr.super.getSizeExpr() } + + override int getSizeMult() { result = AllocationExpr.super.getSizeMult() } + + override int getSizeBytes() { result = AllocationExpr.super.getSizeBytes() } + + override Expr getReallocPtr() { result = AllocationExpr.super.getReallocPtr() } + + override Type getAllocatedElementType() { + result = AllocationExpr.super.getAllocatedElementType() + } + + override predicate requiresDealloc() { AllocationExpr.super.requiresDealloc() } + } + + /** A class that maps an `AllocationFunction` to an `HeuristicAllocationFunction`. */ + private class HeuristicAllocationFunctionModeled extends HeuristicAllocationFunction instanceof AllocationFunction { + override int getSizeArg() { result = AllocationFunction.super.getSizeArg() } + + override int getSizeMult() { result = AllocationFunction.super.getSizeMult() } + + override int getReallocPtrArg() { result = AllocationFunction.super.getReallocPtrArg() } + + override predicate requiresDealloc() { AllocationFunction.super.requiresDealloc() } + } + + private int getAnUnsignedParameter(Function f) { + f.getParameter(result).getUnspecifiedType().(IntegralType).isUnsigned() + } + + private int getAPointerParameter(Function f) { + f.getParameter(result).getUnspecifiedType() instanceof PointerType + } + + /** + * A class that uses heuristics to find additional allocation functions. The required are as follows: + * 1. The word `alloc` must appear in the function name + * 2. The function must return a pointer type + * 3. There must be a unique parameter of unsigned integral type. + */ + private class HeuristicAllocationFunctionByName extends HeuristicAllocationFunction instanceof Function { + int sizeArg; + + HeuristicAllocationFunctionByName() { + Function.super.getName().matches("%alloc%") and + Function.super.getUnspecifiedType() instanceof PointerType and + sizeArg = unique( | | getAnUnsignedParameter(this)) + } + + override int getSizeArg() { result = sizeArg } + + override int getReallocPtrArg() { + Function.super.getName().matches("%realloc%") and + result = unique( | | getAPointerParameter(this)) + } + + override predicate requiresDealloc() { none() } + } + + private module Param implements CallAllocationExprBase::Param { + int getReallocPtrArg(HeuristicAllocationFunction f) { result = f.getReallocPtrArg() } + + int getSizeArg(HeuristicAllocationFunction f) { result = f.getSizeArg() } + + int getSizeMult(HeuristicAllocationFunction f) { result = f.getSizeMult() } + + predicate requiresDealloc(HeuristicAllocationFunction f) { f.requiresDealloc() } + } + + /** + * A class that provides the implementation of `AllocationExpr` for an allocation + * that calls an `HeuristicAllocationFunction`. + */ + private class Base = + CallAllocationExprBase::With::CallAllocationExprImpl; + + private class CallAllocationExpr extends HeuristicAllocationExpr, Base { + override Expr getSizeExpr() { result = super.getSizeExprImpl() } + + override int getSizeMult() { result = super.getSizeMultImpl() } + + override Type getAllocatedElementType() { result = super.getAllocatedElementTypeImpl() } + + override predicate requiresDealloc() { super.requiresDeallocImpl() } + + override int getSizeBytes() { result = super.getSizeBytesImpl() } + + override Expr getReallocPtr() { result = super.getReallocPtrImpl() } + + override string toString() { result = HeuristicAllocationExpr.super.toString() } + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll index d309791f79a..00281f0f756 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll @@ -113,3 +113,84 @@ class OperatorNewAllocationFunction extends AllocationFunction { result = 1 } } + +/** + * An expression that _might_ allocate memory. + * + * Unlike `AllocationExpr`, this class uses heuristics (such as a call target's + * name and parameters) to include additional expressions. + */ +abstract class HeuristicAllocationExpr extends Expr { + /** + * Gets an expression for the allocation size, if any. The actual allocation + * size is the value of this expression multiplied by the result of + * `getSizeMult()`, in bytes. + */ + Expr getSizeExpr() { none() } + + /** + * Gets a constant multiplier for the allocation size given by `getSizeExpr`, + * in bytes. + */ + int getSizeMult() { none() } + + /** + * Gets the size of this allocation in bytes, if it is a fixed size and that + * size can be determined. + */ + int getSizeBytes() { none() } + + /** + * Gets the expression for the input pointer argument to be reallocated, if + * this is a `realloc` function. + */ + Expr getReallocPtr() { none() } + + /** + * Gets the type of the elements that are allocated, if it can be determined. + */ + Type getAllocatedElementType() { none() } + + /** + * Whether or not this allocation requires a corresponding deallocation of + * some sort (most do, but `alloca` for example does not). If it is unclear, + * we default to no (for example a placement `new` allocation may or may not + * require a corresponding `delete`). + */ + predicate requiresDealloc() { any() } +} + +/** + * An function that _might_ allocate memory. + * + * Unlike `AllocationFunction`, this class uses heuristics (such as the function's + * name and its parameters) to include additional functions. + */ +abstract class HeuristicAllocationFunction extends Function { + /** + * Gets the index of the argument for the allocation size, if any. The actual + * allocation size is the value of this argument multiplied by the result of + * `getSizeMult()`, in bytes. + */ + int getSizeArg() { none() } + + /** + * Gets the index of an argument that multiplies the allocation size given by + * `getSizeArg`, if any. + */ + int getSizeMult() { none() } + + /** + * Gets the index of the input pointer argument to be reallocated, if this + * is a `realloc` function. + */ + int getReallocPtrArg() { none() } + + /** + * Whether or not this allocation requires a corresponding deallocation of + * some sort (most do, but `alloca` for example does not). If it is unclear, + * we default to no (for example a placement `new` allocation may or may not + * require a corresponding `delete`). + */ + predicate requiresDealloc() { any() } +} diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll index 410a39716dc..4717e79d9d3 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll @@ -173,7 +173,7 @@ predicate eqOpWithSwapAndNegate(EqualityOperation cmp, Expr a, Expr b, boolean i /** * Holds if `cmp` is an unconverted conversion of `a` to a Boolean that - * evalutes to `isEQ` iff `a` is 0. + * evaluates to `isEQ` iff `a` is 0. * * Note that `a` can be `cmp` itself or a conversion thereof. */ diff --git a/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll b/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll index 00be9a3deb5..054b2087e53 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll @@ -51,14 +51,14 @@ string getInsecureAlgorithmRegex() { /** * Holds if `name` looks like it might be related to operations with an - * insecure encyption algorithm. + * insecure encryption algorithm. */ bindingset[name] predicate isInsecureEncryption(string name) { name.regexpMatch(getInsecureAlgorithmRegex()) } /** * Holds if there is additional evidence that `name` looks like it might be - * related to operations with an encyption algorithm, besides the name of a + * related to operations with an encryption algorithm, besides the name of a * specific algorithm. This can be used in conjunction with * `isInsecureEncryption` to produce a stronger heuristic. */ diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll index 01230e6880c..532cf53e2d4 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll @@ -1,7 +1,7 @@ /** * DEPRECATED: we now use `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`, * which is based on the IR but designed to behave similarly to this old - * libarary. + * library. * * Provides the implementation of `semmle.code.cpp.security.TaintTracking`. Do * not import this file directly. diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll index 0073154dd3c..d3c212fb8a7 100644 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll +++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll @@ -104,7 +104,7 @@ private newtype HC_Alloc = HC_HasAlloc(HashCons hc) { mk_HasAlloc(hc, _) } /** - * Used to implement optional extent expression on `new[]` exprtessions + * Used to implement optional extent expression on `new[]` expressions */ private newtype HC_Extent = HC_NoExtent() or @@ -116,7 +116,7 @@ private newtype HC_Args = HC_ArgCons(HashCons hc, int i, HC_Args list) { mk_ArgCons(hc, i, list, _) } /** - * Used to implement hash-consing of struct initizializers. + * Used to implement hash-consing of struct initializers. */ private newtype HC_Fields = HC_EmptyFields(Class c) { exists(ClassAggregateLiteral cal | c = cal.getUnspecifiedType()) } or diff --git a/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql b/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql index 53c96c4beb7..ef9135f1c0a 100644 --- a/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql +++ b/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql @@ -35,4 +35,4 @@ from LocalVariableOrParameter lv, GlobalVariable gv where lv.getName() = gv.getName() and lv.getFile() = gv.getFile() -select lv, lv.type() + gv.getName() + " hides $@ with the same name.", gv, "a global variable" +select lv, lv.type() + gv.getName() + " hides a $@ with the same name.", gv, "global variable" diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp new file mode 100644 index 00000000000..77246363fba --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp @@ -0,0 +1,32 @@ +/* + * In this example, the developer intended to use a semicolon but accidentally used a comma: + */ + +enum privileges entitlements = NONE; + +if (is_admin) + entitlements = FULL, // BAD + +restrict_privileges(entitlements); + +/* + * The use of a comma means that the first example is equivalent to this second example: + */ + +enum privileges entitlements = NONE; + +if (is_admin) { + entitlements = FULL; + restrict_privileges(entitlements); +} + +/* + * The indentation of the first example suggests that the developer probably intended the following code: + */ + +enum privileges entitlements = NONE; + +if (is_admin) + entitlements = FULL; // GOOD + +restrict_privileges(entitlements); diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp new file mode 100644 index 00000000000..d0aa29ca700 --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp @@ -0,0 +1,39 @@ + + + + +

+If the expression after the comma operator starts at an earlier column than the expression before the comma, then +this suspicious indentation possibly indicates a logic error, caused by a typo that may escape visual inspection. +

+ +This query has medium precision because CodeQL currently does not distinguish between tabs and spaces in whitespace. +If a file contains mixed tabs and spaces, alerts may highlight code that is correctly indented for one value of tab size but not for other tab sizes. + + + + +

+To ensure that your code is easy to read and review, use standard indentation around the comma operator. Always begin the right-hand-side operand at the same level of +indentation (column number) as the left-hand-side operand. This makes it easier for other developers to see the intended behavior of your code. +

+

+Use whitespace consistently to communicate your coding intentions. Where possible, avoid mixing tabs and spaces within a file. If you need to mix them, use them consistently. +

+ + + +

+This example shows three different ways of writing the same code. The first example contains a comma instead of a semicolon which means that the final line is part of the if statement, even though the indentation suggests that it is intended to be separate. The second example looks different but is functionally the same as the first example. It is more likely that the developer intended to write the third example. +

+ + + + +
  • Wikipedia: Comma operator
    • +
  • Wikipedia: Indentation style — Tabs, spaces, and size of indentations
    • +     + +     diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql new file mode 100644 index 00000000000..b23234d4627 --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql @@ -0,0 +1,53 @@ +/** + * @name Comma before misleading indentation + * @description If expressions before and after a comma operator use different indentation, it is easy to misread the purpose of the code. + * @kind problem + * @id cpp/comma-before-misleading-indentation + * @problem.severity warning + * @security-severity 7.8 + * @precision medium + * @tags maintainability + * readability + * security + * external/cwe/cwe-1078 + * external/cwe/cwe-670 + */ + +import cpp +import semmle.code.cpp.commons.Exclusions + +/** Gets the sub-expression of 'e' with the earliest-starting Location */ +Expr normalizeExpr(Expr e) { + result = + min(Expr child | + child.getParentWithConversions*() = e.getFullyConverted() and + not child.getParentWithConversions*() = any(Call c).getAnArgument() + | + child order by child.getLocation().getStartColumn(), count(child.getParentWithConversions*()) + ) +} + +predicate isParenthesized(CommaExpr ce) { + ce.getParent*().(Expr).isParenthesised() + or + ce.isUnevaluated() // sizeof(), decltype(), alignof(), noexcept(), typeid() + or + ce.getParent*() = [any(IfStmt i).getCondition(), any(SwitchStmt s).getExpr()] + or + ce.getParent*() = [any(Loop l).getCondition(), any(ForStmt f).getUpdate()] + or + ce.getEnclosingStmt() = any(ForStmt f).getInitialization() +} + +from CommaExpr ce, Expr left, Expr right, Location leftLoc, Location rightLoc +where + ce.fromSource() and + not isFromMacroDefinition(ce) and + left = normalizeExpr(ce.getLeftOperand()) and + right = normalizeExpr(ce.getRightOperand()) and + leftLoc = left.getLocation() and + rightLoc = right.getLocation() and + not isParenthesized(ce) and + leftLoc.getEndLine() < rightLoc.getStartLine() and + leftLoc.getStartColumn() > rightLoc.getStartColumn() +select right, "The indentation level may be misleading for some tab sizes." diff --git a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql index 418250d15ac..514cfac9a81 100644 --- a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql +++ b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql @@ -13,16 +13,32 @@ import cpp +pragma[noinline] +predicate possiblyIncompleteFile(File f) { + exists(Diagnostic d | d.getFile() = f and d.getSeverity() >= 3) +} + predicate immediatelyReachableFunction(Function f) { - not f.isStatic() or - exists(BlockExpr be | be.getFunction() = f) or - f instanceof MemberFunction or - f instanceof TemplateFunction or - f.getFile() instanceof HeaderFile or - f.getAnAttribute().hasName("constructor") or - f.getAnAttribute().hasName("destructor") or - f.getAnAttribute().hasName("used") or + not f.isStatic() + or + exists(BlockExpr be | be.getFunction() = f) + or + f instanceof MemberFunction + or + f instanceof TemplateFunction + or + f.getFile() instanceof HeaderFile + or + f.getAnAttribute().hasName("constructor") + or + f.getAnAttribute().hasName("destructor") + or + f.getAnAttribute().hasName("used") + or f.getAnAttribute().hasName("unused") + or + // a compiler error in the same file suggests we may be missing data + possiblyIncompleteFile(f.getFile()) } predicate immediatelyReachableVariable(Variable v) { diff --git a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp index 6e0c263e4fa..b8838c26c52 100644 --- a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp +++ b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp @@ -11,7 +11,7 @@ caused by an unhandled case.

    -

    Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinuely not needed, +

    Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinely not needed, then removing it will make code more readable. If the static variable is needed then you should update the code to fix the defect.

     diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 54dec3b197f..14b2976282b 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. + ## 0.4.0 ### New Queries @@ -119,7 +125,7 @@ * The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. * The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. -* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. +* A new `cpp/very-likely-overrunning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overrunning-write`. ### Minor Analysis Improvements diff --git a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp index 2016e05d936..41473d68371 100644 --- a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp +++ b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp @@ -19,7 +19,7 @@ This can occur when an operation performed on the open descriptor fails, and the

    In the example below, the sockfd socket may remain open if an error is triggered. -The code should be updated to ensure that the socket is always closed when when the function ends. +The code should be updated to ensure that the socket is always closed when the function ends.

    diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql index b004aa835b9..d2afdad1306 100644 --- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql +++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql @@ -63,7 +63,7 @@ predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode node.(AnalysedExpr).getNonNullSuccessor(newV) = verified and // note: this case uses naive flow logic (getAnAssignedValue). // special case: if the result of the 'realloc' is assigned to the - // same variable, we don't descriminate properly between the old + // same variable, we don't discriminate properly between the old // and the new allocation; better to not consider this a free at // all in that case. newV != v diff --git a/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql b/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql index a762abceb20..d3768c36106 100644 --- a/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +++ b/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql @@ -3,6 +3,7 @@ * @description Lists all files in the source code directory that were extracted without encountering a problem in the file. * @kind diagnostic * @id cpp/diagnostics/successfully-extracted-files + * @tags successfully-extracted-files */ import cpp diff --git a/cpp/ql/src/Documentation/DocumentApi.qhelp b/cpp/ql/src/Documentation/DocumentApi.qhelp index 9bc19d35056..4154e5cebc4 100644 --- a/cpp/ql/src/Documentation/DocumentApi.qhelp +++ b/cpp/ql/src/Documentation/DocumentApi.qhelp @@ -15,7 +15,7 @@ As an exception, because their purpose is usually obvious, it is not necessary t

    -Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expections of the calling functions. +Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expectations of the calling functions.

    diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp b/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp index aef03996053..5cae8407887 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp +++ b/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp @@ -6,7 +6,7 @@

    -This rule finds comparison expressions that use 2 or more comparison operators and are not completely paranthesized. +This rule finds comparison expressions that use 2 or more comparison operators and are not completely parenthesized. It is best to fully parenthesize complex comparison expressions to explicitly define the order of the comparison operators.

    diff --git a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql index 293595d60d8..5b16fc7cf8f 100644 --- a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql +++ b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql @@ -23,7 +23,7 @@ DoStmt getAFalseLoop() { /** * Gets a `do` ... `while` loop surrounding a statement. This is blocked by a * `switch` statement, since a `continue` inside a `switch` inside a loop may be - * jusitifed (`continue` breaks out of the loop whereas `break` only escapes the + * justified (`continue` breaks out of the loop whereas `break` only escapes the * `switch`). */ DoStmt enclosingLoop(Stmt s) { diff --git a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql index 66af4f3e22d..18540ad6f02 100644 --- a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql +++ b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql @@ -25,8 +25,11 @@ class CastToPointerArithFlow extends DataFlow::Configuration { override predicate isSource(DataFlow::Node node) { not node.asExpr() instanceof Conversion and - introducesNewField(node.asExpr().getType().(DerivedType).getBaseType(), - node.asExpr().getConversion*().getType().(DerivedType).getBaseType()) + exists(Type baseType1, Type baseType2 | + hasBaseType(node.asExpr(), baseType1) and + hasBaseType(node.asExpr().getConversion*(), baseType2) and + introducesNewField(baseType1, baseType2) + ) } override predicate isSink(DataFlow::Node node) { @@ -35,6 +38,17 @@ class CastToPointerArithFlow extends DataFlow::Configuration { } } +/** + * Holds if the type of `e` is a `DerivedType` with `base` as its base type. + * + * This predicate ensures that joins go from `e` to `base` instead + * of the other way around. + */ +pragma[inline] +predicate hasBaseType(Expr e, Type base) { + pragma[only_bind_into](base) = e.getType().(DerivedType).getBaseType() +} + /** * `derived` has a (possibly indirect) base class of `base`, and at least one new * field has been introduced in the inheritance chain after `base`. diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp index 37b78dd368c..bac09fe9cf1 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp +++ b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp @@ -6,9 +6,9 @@

    This rule finds logical-not operator usage as an operator for in a bit-wise operation.

    -

    Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise opeartions. Violations are often indicative of a typo, using a logical-not (!) opeartor instead of the bit-wise not (~) operator.

    +

    Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise operations. Violations are often indicative of a typo, using a logical-not (!) operator instead of the bit-wise not (~) operator.

    This rule is restricted to analyze bit-wise and (&) and bit-wise or (|) operation in order to provide better precision.

    -

    This rule ignores instances where a double negation (!!) is explicitly used as the opeartor of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.

    +

    This rule ignores instances where a double negation (!!) is explicitly used as the operator of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.

    NOTE: It is not recommended to use this rule in kernel code or older C code as it will likely find several false positive instances.

     diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql index 9c0230d7514..8f7b9a4554f 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql +++ b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql @@ -17,7 +17,7 @@ import cpp /** * It's common in some projects to use "a double negation" to normalize the boolean * result to either 1 or 0. - * This predciate is intended to filter explicit usage of a double negation as it typically + * This predicate is intended to filter explicit usage of a double negation as it typically * indicates the explicit purpose to normalize the result for bit-wise or arithmetic purposes. */ predicate doubleNegationNormalization(NotExpr notexpr) { notexpr.getAnOperand() instanceof NotExpr } diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql index f563e5b5f9e..5d03ccc44ea 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql @@ -3,7 +3,7 @@ * @name Untrusted network-to-host usage * @description Using the result of a network-to-host byte order function, such as ntohl, as an * array bound or length value without checking it may result in buffer overflows or - * other vulnerabilties. + * other vulnerabilities. * @kind problem * @problem.severity error */ diff --git a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp index 5cc0ae21af9..fe25fae8f4a 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp +++ b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp @@ -49,7 +49,7 @@ pointer overflow.

    While it's not the subject of this query, the expression ptr + i < -ptr_end is also an invalid range check. It's undefined behavor in +ptr_end is also an invalid range check. It's undefined behavior in C/C++ to create a pointer that points more than one past the end of an allocation.

    diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql index ed1d4084993..26c8ae4c258 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql @@ -44,7 +44,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { // Holds if `sink` is a node that represents the `StoreInstruction` that is subsequently used in // a `ReturnValueInstruction`. // We use the `StoreInstruction` instead of the instruction that defines the - // `ReturnValueInstruction`'s source value oprand because the former has better location information. + // `ReturnValueInstruction`'s source value operand because the former has better location information. exists(StoreInstruction store | store.getDestinationAddress().(VariableAddressInstruction).getIRVariable() instanceof IRReturnVariable and diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp index 13c1e6d2710..3ffc326585f 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp @@ -12,7 +12,7 @@ the third argument to the entire size of the destination buffer. Executing a call of this type may cause a buffer overflow unless the buffer is known to be empty.

    Similarly, calls of the form strncat(dest, src, sizeof (dest) - strlen (dest)) allow one -byte to be written ouside the dest buffer.

    +byte to be written outside the dest buffer.

    Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.

    diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql index 644c48622a2..0d46332a40a 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql @@ -24,7 +24,7 @@ import semmle.code.cpp.valuenumbering.GlobalValueNumbering * Holds if `call` is a call to `strncat` such that `sizeArg` and `destArg` are the size and * destination arguments, respectively. */ -predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) { +predicate interestingCallWithArgs(Call call, Expr sizeArg, Expr destArg) { exists(StrcatFunction strcat | strcat = call.getTarget() and sizeArg = call.getArgument(strcat.getParamSize()) and @@ -37,7 +37,7 @@ predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) { * argument `destArg`, and `destArg` is the size of the buffer pointed to by `destArg`. */ predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { - interestringCallWithArgs(fc, sizeArg, destArg) and + interestingCallWithArgs(fc, sizeArg, destArg) and exists(VariableAccess va | va = sizeArg.(BufferSizeExpr).getArg() and destArg.getTarget() = va.getTarget() @@ -49,7 +49,7 @@ predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { * argument `destArg`, and `sizeArg` computes the value `sizeof (dest) - strlen (dest)`. */ predicate case2(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { - interestringCallWithArgs(fc, sizeArg, destArg) and + interestingCallWithArgs(fc, sizeArg, destArg) and exists(SubExpr sub, int n | // The destination buffer is an array of size n destArg.getUnspecifiedType().(ArrayType).getSize() = n and diff --git a/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql b/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql index 87dee3c8e30..298e4c1051a 100644 --- a/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql +++ b/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql @@ -48,5 +48,5 @@ where not coordinatePair(iterationVar, innerVar) select iterationVar, "Iteration variable " + iterationVar.getName() + - " for $@ should have a descriptive name, since there is $@.", outer, "this loop", inner, - "a nested loop" + " for $@ should have a descriptive name, since there is a $@.", outer, "this loop", inner, + "nested loop" diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c index a4c943f556c..c386a171e6b 100644 --- a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c +++ b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c @@ -1,4 +1,4 @@ -/* '#include ' was forgotton */ +/* '#include ' was forgotten */ int main(void) { /* 'int malloc()' assumed */ diff --git a/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp b/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp index f283056d2a8..1af359e5c50 100644 --- a/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp +++ b/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp @@ -6,7 +6,7 @@

    This metric provides an indication of the lack of cohesion of a class, using a method proposed by Chidamber and Kemerer in 1994. The idea -behind measuring a class's cohesion is that most funcions in well-designed +behind measuring a class's cohesion is that most functions in well-designed classes will access the same fields. Types that exhibit a lack of cohesion are often trying to take on multiple responsibilities, and should be split into several smaller classes. diff --git a/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp b/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp index 44bdc327634..13eef3113da 100644 --- a/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp +++ b/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp @@ -11,7 +11,7 @@ by changes to other packages. If this metric value is high, a package is easily influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability is estimated as the number of outgoing dependencies relative to the total - number of depencies.

    + number of dependencies.

     diff --git a/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp b/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp index bac1609760b..2f6620f95aa 100644 --- a/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp +++ b/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp @@ -11,7 +11,7 @@ by changes to other packages. If this metric value is high, a package is easily influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability is estimated as the number of outgoing dependencies relative to the total - number of depencies.

    + number of dependencies.

    diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql index 438e87a501a..00c8636369b 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql @@ -26,7 +26,7 @@ where dest = bw.getDest() and destSize = getBufferSize(dest, _) and estimated = bw.getMaxDataLimited(reason) and - // we exclude ValueFlowAnalysis as it is reported in cpp/very-likely-overruning-write + // we exclude ValueFlowAnalysis as it is reported in cpp/very-likely-overrunning-write not reason instanceof ValueFlowAnalysis and // we can deduce that too much data may be copied (even without // long '%f' conversions) diff --git a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql index d5892844370..9c456f71bbb 100644 --- a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql +++ b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql @@ -56,29 +56,26 @@ class VarargsFunction extends Function { result = strictcount(FunctionCall fc | fc = this.getACallToThisFunction()) } - string normalTerminator(int cnt) { + string normalTerminator(int cnt, int totalCount) { + // the terminator is 0 or -1 result = ["0", "-1"] and + // at least 80% of calls have the terminator cnt = this.trailingArgValueCount(result) and - 2 * cnt > this.totalCount() and - not exists(FunctionCall fc, int index | - // terminator value is used in a non-terminating position - this.nonTrailingVarArgValue(fc, index) = result - ) + totalCount = this.totalCount() and + 100 * cnt / totalCount >= 80 and + // terminator value is not used in a non-terminating position + not exists(FunctionCall fc, int index | this.nonTrailingVarArgValue(fc, index) = result) } - predicate isWhitelisted() { - this.hasGlobalName("open") or - this.hasGlobalName("fcntl") or - this.hasGlobalName("ptrace") - } + predicate isWhitelisted() { this.hasGlobalName(["open", "fcntl", "ptrace", "mremap"]) } } -from VarargsFunction f, FunctionCall fc, string terminator, int cnt +from VarargsFunction f, FunctionCall fc, string terminator, int cnt, int totalCount where - terminator = f.normalTerminator(cnt) and + terminator = f.normalTerminator(cnt, totalCount) and fc = f.getACallToThisFunction() and not normalisedExprValue(f.trailingArgumentIn(fc)) = terminator and not f.isWhitelisted() select fc, - "Calls to $@ should use the value " + terminator + " as a terminator (" + cnt + " calls do).", f, - f.getQualifiedName() + "Calls to $@ should use the value " + terminator + " as a terminator (" + cnt + " of " + + totalCount + " calls do).", f, f.getQualifiedName() diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index 76ee3b60e13..964b2ff33d8 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -135,5 +135,5 @@ where sink.getNode().asExpr() = va and missingGuard(va, effect) select sink.getNode(), source, sink, - "Arithmetic expression depends on an $@, potentially causing an " + effect + ".", + "This arithmetic expression depends on an $@, potentially causing an " + effect + ".", getExpr(source.getNode()), "uncontrolled value" diff --git a/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll b/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll index b6b0d608d2a..ff5c347e5e2 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll +++ b/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll @@ -31,7 +31,7 @@ predicate bounded(Expr e) { ) and not convertedExprMightOverflow(e) or - // Optimitically assume that a remainder expression always yields a much smaller value. + // Optimistically assume that a remainder expression always yields a much smaller value. e = any(RemExpr rem).getLeftOperand() or e = any(AssignRemExpr rem).getLValue() @@ -44,7 +44,7 @@ predicate bounded(Expr e) { boundedBitwiseAnd(e, andExpr, andExpr.getAnOperand(), andExpr.getAnOperand()) ) or - // Optimitically assume that a division always yields a much smaller value. + // Optimistically assume that a division always yields a much smaller value. e = any(DivExpr div).getLeftOperand() or e = any(AssignDivExpr div).getLValue() diff --git a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp index 519d21fd8c1..11d824c2d41 100644 --- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp @@ -5,7 +5,7 @@

    This query indicates that a call is setting the DACL field in a SECURITY_DESCRIPTOR to null.

    -

    When using SetSecurityDescriptorDacl to set a discretionary access control (DACL), setting the bDaclPresent argument to TRUE indicates the prescence of a DACL in the security description in the argument pDacl.

    +

    When using SetSecurityDescriptorDacl to set a discretionary access control (DACL), setting the bDaclPresent argument to TRUE indicates the presence of a DACL in the security description in the argument pDacl.

    When the pDacl parameter does not point to a DACL (i.e. it is NULL) and the bDaclPresent flag is TRUE, a NULL DACL is specified.

    A NULL DACL grants full access to any user who requests it; normal security checking is not performed with respect to the object.

     diff --git a/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md b/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md new file mode 100644 index 00000000000..80bd25b7179 --- /dev/null +++ b/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed false positives from the "Unused static function" (`cpp/unused-static-function`) query in files that had errors during compilation. diff --git a/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md b/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md new file mode 100644 index 00000000000..dad3b0b3377 --- /dev/null +++ b/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new medium-precision query, `cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues. diff --git a/cpp/ql/src/change-notes/2022-10-06-unterminated-variadic-call.md b/cpp/ql/src/change-notes/2022-10-06-unterminated-variadic-call.md new file mode 100644 index 00000000000..d986ba666ff --- /dev/null +++ b/cpp/ql/src/change-notes/2022-10-06-unterminated-variadic-call.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The "Unterminated variadic call" (`cpp/unterminated-variadic-call`) query has been tuned to produce fewer false positive results. diff --git a/cpp/ql/src/change-notes/released/0.0.8.md b/cpp/ql/src/change-notes/released/0.0.8.md index 268d87d92a7..c9739887dd5 100644 --- a/cpp/ql/src/change-notes/released/0.0.8.md +++ b/cpp/ql/src/change-notes/released/0.0.8.md @@ -4,7 +4,7 @@ * The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. * The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. -* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. +* A new `cpp/very-likely-overrunning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overrunning-write`. ### Minor Analysis Improvements diff --git a/cpp/ql/src/change-notes/released/0.4.1.md b/cpp/ql/src/change-notes/released/0.4.1.md new file mode 100644 index 00000000000..f5e1dbf00ed --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.4.1.md @@ -0,0 +1,5 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/cpp/ql/src/definitions.ql b/cpp/ql/src/definitions.ql index 84ef77fdc9d..c12277eaf23 100644 --- a/cpp/ql/src/definitions.ql +++ b/cpp/ql/src/definitions.ql @@ -13,6 +13,6 @@ where def = definitionOf(e, kind) and // We need to exclude definitions for elements inside template instantiations, // as these often lead to multiple links to definitions from the same source location. - // LGTM does not support this bevaviour. + // LGTM does not support this behaviour. not e.isFromTemplateInstantiation(_) select e, def, kind diff --git a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql index ee1cca9b6e9..e13ea7091ba 100644 --- a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql +++ b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql @@ -1,7 +1,7 @@ /** * @id cpp/wrong-uint-access * @name Wrong Uint - * @descripion Acess an array of size lower than 256 with a uint16. + * @description Access an array of size lower than 256 with a uint16. * @kind problem * @problem.severity recommendation * @tags efficiency @@ -21,5 +21,5 @@ where ) and defLine.getArraySize() <= 256 select useExpr, - "Using a " + useExpr.getArrayOffset().getType() + " to acess the array $@ of size " + + "Using a " + useExpr.getArrayOffset().getType() + " to access the array $@ of size " + defLine.getArraySize() + ".", var, var.getName() diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c new file mode 100644 index 00000000000..63cd5488f44 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c @@ -0,0 +1,19 @@ + +int main(int argc, char** argv) { + char *filePath = argv[2]; + + { + // BAD: the user-controlled string is injected + // directly into `wordexp` which performs command substitution + + wordexp_t we; + wordexp(filePath, &we, 0); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD); + } +} diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp new file mode 100644 index 00000000000..6dd9662c57d --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp @@ -0,0 +1,42 @@ + + + +

    The code passes user input to wordexp. This leaves the code +vulnerable to attack by command injection, because wordexp performs command substitution. +Command substitution is a feature that replaces $(command) or `command` with the +output of the given command, allowing the user to run arbitrary code on the system. +

    + +     + + +

    When calling wordexp, pass the WRDE_NOCMD flag to prevent command substitution.

    + +     + +

    The following example passes a user-supplied file path to wordexp in two ways. The +first way uses wordexp with no specified flags. As such, it is vulnerable to command +injection. +The second way uses wordexp with the WRDE_NOCMD flag. As such, no command substitution +is performed, making this safe from command injection.

    + + +     + + +
  • CERT C Coding Standard: +STR02-C. +Sanitize data passed to complex subsystems.
    • +
  • +OWASP: +Command Injection. +
    • + + + + +     +     diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql new file mode 100644 index 00000000000..40b61ff60f6 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql @@ -0,0 +1,57 @@ +/** + * @name Uncontrolled data used in `wordexp` command + * @description Using user-supplied data in a `wordexp` command, without + * disabling command substitution, can make code vulnerable + * to command injection. + * @kind path-problem + * @problem.severity error + * @precision high + * @id cpp/wordexp-injection + * @tags security + * external/cwe/cwe-078 + */ + +import cpp +import semmle.code.cpp.ir.dataflow.TaintTracking +import semmle.code.cpp.security.FlowSources +import DataFlow::PathGraph + +/** + * The `wordexp` function, which can perform command substitution. + */ +private class WordexpFunction extends Function { + WordexpFunction() { hasGlobalName("wordexp") } +} + +/** + * Holds if `fc` disables command substitution by containing `WRDE_NOCMD` as a flag argument. + */ +private predicate isCommandSubstitutionDisabled(FunctionCall fc) { + fc.getArgument(2).getValue().toInt().bitAnd(4) = 4 + /* 4 = WRDE_NOCMD. Check whether the flag is set. */ +} + +/** + * A configuration to track user-supplied data to the `wordexp` function. + */ +class WordexpTaintConfiguration extends TaintTracking::Configuration { + WordexpTaintConfiguration() { this = "WordexpTaintConfiguration" } + + override predicate isSource(DataFlow::Node source) { source instanceof FlowSource } + + override predicate isSink(DataFlow::Node sink) { + exists(FunctionCall fc | fc.getTarget() instanceof WordexpFunction | + fc.getArgument(0) = sink.asExpr() and + not isCommandSubstitutionDisabled(fc) + ) + } + + override predicate isSanitizer(DataFlow::Node node) { + node.asExpr().getUnspecifiedType() instanceof IntegralType + } +} + +from WordexpTaintConfiguration conf, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode +where conf.hasFlowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, + "Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection." diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.cpp new file mode 100644 index 00000000000..408ae2d5e53 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.cpp @@ -0,0 +1,17 @@ +#define MAX_SIZE 1024 + +struct FixedArray { + int buf[MAX_SIZE]; +}; + +int main(){ + FixedArray arr; + + for(int i = 0; i <= MAX_SIZE; i++) { + arr.buf[i] = 0; // BAD + } + + for(int i = 0; i < MAX_SIZE; i++) { + arr.buf[i] = 0; // GOOD + } +} \ No newline at end of file diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.qhelp new file mode 100644 index 00000000000..c9e2673f079 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.qhelp @@ -0,0 +1,29 @@ + + + +

    The program performs an out-of-bounds read or write operation. In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.

    + +     + + +

    Ensure that pointer dereferences are properly guarded to ensure that they cannot be used to read or write past the end of the allocation.

    + +     + +

    The first example uses a for loop which is improperly bounded by a non-strict less-than operation and will write one position past the end of the array. The second example bounds the for loop properly with a strict less-than operation.

    + + +     + + +
  • CERT C Coding Standard: +ARR30-C. Do not form or use out-of-bounds pointers or array subscripts.
    • +
  • +OWASP: +Buffer Overflow. +
    • + +     +     diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql new file mode 100644 index 00000000000..990c4356425 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -0,0 +1,107 @@ +/** + * @name Constant array overflow + * @description Dereferencing a pointer that points past a statically-sized array is undefined behavior + * and may lead to security vulnerabilities + * @kind path-problem + * @problem.severity error + * @id cpp/constant-array-overflow + * @tags reliability + * security + */ + +import experimental.semmle.code.cpp.semantic.analysis.RangeAnalysis +import experimental.semmle.code.cpp.semantic.SemanticBound +import experimental.semmle.code.cpp.semantic.SemanticExprSpecific +import semmle.code.cpp.ir.IR +import experimental.semmle.code.cpp.ir.dataflow.DataFlow +import experimental.semmle.code.cpp.ir.dataflow.DataFlow2 +import DataFlow2::PathGraph + +pragma[nomagic] +Instruction getABoundIn(SemBound b, IRFunction func) { + result = b.getExpr(0) and + result.getEnclosingIRFunction() = func +} + +/** + * Holds if `i <= b + delta`. + */ +pragma[nomagic] +predicate bounded(Instruction i, Instruction b, int delta) { + exists(SemBound bound, IRFunction func | + semBounded(getSemanticExpr(i), bound, delta, true, _) and + b = getABoundIn(bound, func) and + i.getEnclosingIRFunction() = func + ) +} + +class FieldAddressToPointerArithmeticConf extends DataFlow::Configuration { + FieldAddressToPointerArithmeticConf() { this = "FieldAddressToPointerArithmeticConf" } + + override predicate isSource(DataFlow::Node source) { isFieldAddressSource(_, source) } + + override predicate isSink(DataFlow::Node sink) { + exists(PointerAddInstruction pai | pai.getLeft() = sink.asInstruction()) + } +} + +predicate isFieldAddressSource(Field f, DataFlow::Node source) { + source.asInstruction().(FieldAddressInstruction).getField() = f +} + +/** + * Holds if `sink` is a sink for `InvalidPointerToDerefConf` and `i` is a `StoreInstruction` that + * writes to an address that non-strictly upper-bounds `sink`, or `i` is a `LoadInstruction` that + * reads from an address that non-strictly upper-bounds `sink`. + */ +predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation) { + exists(AddressOperand addr, int delta | + bounded(addr.getDef(), sink.asInstruction(), delta) and + delta >= 0 and + i.getAnOperand() = addr + | + i instanceof StoreInstruction and + operation = "write" + or + i instanceof LoadInstruction and + operation = "read" + ) +} + +predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int delta) { + exists( + int size, int bound, FieldAddressToPointerArithmeticConf conf, DataFlow::Node source, + DataFlow::InstructionNode sink + | + conf.hasFlow(source, sink) and + isFieldAddressSource(f, source) and + pai.getLeft() = sink.asInstruction() and + f.getUnspecifiedType().(ArrayType).getArraySize() = size and + semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and + delta = bound - size and + delta >= 0 and + size != 0 and + size != 1 + ) +} + +class PointerArithmeticToDerefConf extends DataFlow2::Configuration { + PointerArithmeticToDerefConf() { this = "PointerArithmeticToDerefConf" } + + override predicate isSource(DataFlow::Node source) { + isConstantSizeOverflowSource(_, source.asInstruction(), _) + } + + override predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } +} + +from + Field f, DataFlow2::PathNode source, DataFlow2::PathNode sink, Instruction deref, + PointerArithmeticToDerefConf conf, string operation, int delta +where + conf.hasFlowPath(source, sink) and + isInvalidPointerDerefSink(sink.getNode(), deref, operation) and + isConstantSizeOverflowSource(f, source.getNode().asInstruction(), delta) +select source, source, sink, + "This pointer arithmetic may have an off-by-" + (delta + 1) + + " error allowing it to overrun $@ at this $@.", f, f.getName(), deref, operation diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 71bcbfaf2ee..d2593dd05a0 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -76,7 +76,7 @@ private predicate hasSizeImpl(Expr e, DataFlow::Node n, string state) { * Holds if `(n, state)` pair represents the source of flow for the size * expression associated with `alloc`. */ -predicate hasSize(AllocationExpr alloc, DataFlow::Node n, string state) { +predicate hasSize(HeuristicAllocationExpr alloc, DataFlow::Node n, string state) { hasSizeImpl(alloc.getSizeExpr(), n, state) } @@ -132,6 +132,8 @@ class AllocToInvalidPointerConf extends ProductFlow::Configuration { override predicate isBarrierOut2(DataFlow::Node node) { node = any(DataFlow::SsaPhiNode phi).getAnInput(true) } + + override predicate isBarrierIn1(DataFlow::Node node) { this.isSourcePair(node, _, _, _) } } pragma[nomagic] diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql index 3c079728bcc..0491d711833 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql @@ -1,7 +1,7 @@ /** * @name LinuxPrivilegeDroppingOutoforder * @description A syscall commonly associated with privilege dropping is being called out of order. - * Normally a process drops group ID and sets supplimental groups for the target user + * Normally a process drops group ID and sets supplemental groups for the target user * before setting the target user ID. This can have security impact if the return code * from these methods is not checked. * @kind problem diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql index 7169f3bead3..39ab8c1ead4 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql @@ -2,7 +2,7 @@ * @name Linux kernel double-fetch vulnerability detection * @description Double-fetch is a very common vulnerability pattern * in linux kernel, attacker can exploit double-fetch - * issues to obatain root privilege. + * issues to obtain root privilege. * Double-fetch is caused by fetching data from user * mode by calling copy_from_user twice, CVE-2016-6480 * is quite a good example for your information. diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql index 7fc26e54ae9..2de9cf5fc78 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql @@ -84,7 +84,7 @@ predicate isConditionBig(SwitchStmt swtmp) { } /** Holds if there are labels inside the block with names similar to `default` or `case`. */ -predicate isWrongLableName(SwitchStmt swtmp) { +predicate isWrongLabelName(SwitchStmt swtmp) { not swtmp.hasDefaultCase() and exists(LabelStmt lb | ( @@ -147,7 +147,7 @@ where isConditionBig(sw) and msg = "The range of condition values is wider than the choices." ) or - isWrongLableName(sw) and msg = "Possibly erroneous label name." + isWrongLabelName(sw) and msg = "Possibly erroneous label name." or isCodeBeforeCase(sw) and msg = "Code before case will not be executed." select sw, msg diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql index a88cd107b33..97c1e410066 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql @@ -24,7 +24,7 @@ where texp.getEnclosingStmt().getParentStmt*() = ts.getStmt() and not ts.getACatchClause().isEmpty() ) and - msg = "DllMain contains an exeption not wrapped in a try..catch block." + msg = "DllMain contains an exception not wrapped in a try..catch block." or texp.getExpr().isParenthesised() and texp.getExpr().(CommaExpr).getLeftOperand().isConstant() and diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp index ab40910f5d3..69402cc08ae 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp @@ -12,7 +12,7 @@ The user should check the return value of `scanf` and related functions and chec

    -

    The first first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.

    +

    The first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.

     diff --git a/cpp/ql/src/external/CodeDuplication.qll b/cpp/ql/src/external/CodeDuplication.qll index e50323f7087..be2dc162e74 100644 --- a/cpp/ql/src/external/CodeDuplication.qll +++ b/cpp/ql/src/external/CodeDuplication.qll @@ -292,7 +292,7 @@ deprecated predicate duplicateFiles(File f, File other, int percent) { } /** - * DEPRECATED: Information on duplciate classes is no longer available. + * DEPRECATED: Information on duplicate classes is no longer available. * * Holds if most member functions of `c` (`numDup` out of `total`) are * duplicates of member functions in `other`. @@ -313,7 +313,7 @@ deprecated predicate mostlyDuplicateClassBase(Class c, Class other, int numDup, } /** - * DEPRECATED: Information on duplciate classes is no longer available. + * DEPRECATED: Information on duplicate classes is no longer available. * * Holds if most member functions of `c` are duplicates of member functions in * `other`. Provides the human-readable `message` to describe the amount of diff --git a/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp b/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp index 771d7e23e52..bc51714ec69 100644 --- a/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp +++ b/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp @@ -5,12 +5,12 @@

    Some header files, such as those which define structures or classes, cannot be included more than once within a translation unit, as doing so would -cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Simlarly, if header files include other +cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Similarly, if header files include other header files, and this inclusion graph contains a cycle, then at least one file within the cycle must contain header guards in order to break the cycle. Because of cases like these, all headers should be guarded as a matter of good practice, even if they do not strictly need to be.

    -Furthermore, most modern compilers contain optimisations which are triggered by header guards. If the header guard strictly conforms to the pattern +Furthermore, most modern compilers contain optimizations which are triggered by header guards. If the header guard strictly conforms to the pattern that compilers expect, then inclusions of that header other than the first have absolutely no effect: the file isn't re-read from disk, nor is it re-tokenised or re-preprocessed. This can result in a noticeable, albeit minor, improvement to compilation time.

    diff --git a/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql b/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql index 5eef707432e..0192041dfe8 100644 --- a/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql +++ b/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql @@ -14,4 +14,4 @@ from Function f where f.fromSource() and f.calls+(f) -select f, "Functions shall not call theselves, either directly or indirectly." +select f, "Functions shall not call themselves, either directly or indirectly." diff --git a/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql b/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql index 068715dbf8f..6f22e04b9e9 100644 --- a/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql +++ b/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql @@ -41,4 +41,4 @@ where not ae.getParent() instanceof ExprStmt and not ae instanceof ForStmtSideEffectExpr select ae, - "AV Rule 160: An assignment expression shall be used only as the exprression in an expression statement." + "AV Rule 160: An assignment expression shall be used only as the expression in an expression statement." diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 12c12ffe83e..169ac0a41ee 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.4.1-dev +version: 0.4.2-dev groups: - cpp - queries diff --git a/cpp/ql/test/examples/BadLocking/LocalVariableHidesGlobalVariable.expected b/cpp/ql/test/examples/BadLocking/LocalVariableHidesGlobalVariable.expected index 4aaecc3b3bd..531452ba1b4 100644 --- a/cpp/ql/test/examples/BadLocking/LocalVariableHidesGlobalVariable.expected +++ b/cpp/ql/test/examples/BadLocking/LocalVariableHidesGlobalVariable.expected @@ -1 +1 @@ -| UnintendedDeclaration.cpp:65:14:65:20 | definition of myMutex | Local variable myMutex hides $@ with the same name. | UnintendedDeclaration.cpp:40:7:40:13 | myMutex | a global variable | +| UnintendedDeclaration.cpp:65:14:65:20 | definition of myMutex | Local variable myMutex hides a $@ with the same name. | UnintendedDeclaration.cpp:40:7:40:13 | myMutex | global variable | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected new file mode 100644 index 00000000000..a8d7a480c81 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected @@ -0,0 +1,11 @@ +edges +| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | +| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | +nodes +| test.cpp:23:20:23:23 | argv | semmle.label | argv | +| test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... | +| test.cpp:29:13:29:20 | filePath | semmle.label | filePath | +subpaths +#select +| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref new file mode 100644 index 00000000000..ecff539f3e6 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-078/WordexpTainted.ql \ No newline at end of file diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp new file mode 100644 index 00000000000..0ae98b8f163 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp @@ -0,0 +1,45 @@ +#ifdef _MSC_VER +#define restrict __restrict +#else +#define restrict __restrict__ +#endif + +typedef unsigned long size_t; + +typedef struct { + size_t we_wordc; + char **we_wordv; + size_t we_offs; +} wordexp_t; + +enum { + WRDE_APPEND = (1 << 1), + WRDE_NOCMD = (1 << 2) +}; + +int wordexp(const char *restrict s, wordexp_t *restrict p, int flags); + +int main(int argc, char** argv) { + char *filePath = argv[2]; + + { + // BAD: the user string is injected directly into `wordexp` which performs command substitution + + wordexp_t we; + wordexp(filePath, &we, 0); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD | WRDE_APPEND); + } +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected new file mode 100644 index 00000000000..9d68450439e --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -0,0 +1,37 @@ +edges +| test.cpp:66:32:66:32 | p | test.cpp:66:32:66:32 | Load | +| test.cpp:66:32:66:32 | p | test.cpp:67:5:67:6 | * ... | +| test.cpp:66:32:66:32 | p | test.cpp:67:6:67:6 | Load | +| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | +| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:26:77:44 | & ... | +nodes +| test.cpp:35:5:35:22 | access to array | semmle.label | access to array | +| test.cpp:36:5:36:24 | access to array | semmle.label | access to array | +| test.cpp:43:9:43:19 | access to array | semmle.label | access to array | +| test.cpp:49:5:49:22 | access to array | semmle.label | access to array | +| test.cpp:50:5:50:24 | access to array | semmle.label | access to array | +| test.cpp:57:9:57:19 | access to array | semmle.label | access to array | +| test.cpp:61:9:61:19 | access to array | semmle.label | access to array | +| test.cpp:66:32:66:32 | Load | semmle.label | Load | +| test.cpp:66:32:66:32 | p | semmle.label | p | +| test.cpp:66:32:66:32 | p | semmle.label | p | +| test.cpp:67:5:67:6 | * ... | semmle.label | * ... | +| test.cpp:67:6:67:6 | Load | semmle.label | Load | +| test.cpp:72:5:72:15 | access to array | semmle.label | access to array | +| test.cpp:77:26:77:44 | & ... | semmle.label | & ... | +| test.cpp:77:27:77:44 | access to array | semmle.label | access to array | +subpaths +#select +| test.cpp:35:5:35:22 | access to array | test.cpp:35:5:35:22 | access to array | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | +| test.cpp:36:5:36:24 | access to array | test.cpp:36:5:36:24 | access to array | test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write | +| test.cpp:43:9:43:19 | access to array | test.cpp:43:9:43:19 | access to array | test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write | +| test.cpp:49:5:49:22 | access to array | test.cpp:49:5:49:22 | access to array | test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write | +| test.cpp:50:5:50:24 | access to array | test.cpp:50:5:50:24 | access to array | test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write | +| test.cpp:57:9:57:19 | access to array | test.cpp:57:9:57:19 | access to array | test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write | +| test.cpp:61:9:61:19 | access to array | test.cpp:61:9:61:19 | access to array | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | +| test.cpp:72:5:72:15 | access to array | test.cpp:72:5:72:15 | access to array | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:66:32:66:32 | Load | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:67:6:67:6 | Load | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.qlref new file mode 100644 index 00000000000..082e8951c70 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp new file mode 100644 index 00000000000..df4cd7b4491 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp @@ -0,0 +1,80 @@ +#define MAX_SIZE 1024 + +struct ZeroArray { + int size; + int buf[0]; +}; + +struct OneArray { + int size; + int buf[1]; +}; + +struct BigArray { + int size; + int buf[MAX_SIZE]; +}; + +struct ArrayAndFields { + int buf[MAX_SIZE]; + int field1; + int field2; +}; + +// tests for dynamic-size trailing arrays +void testZeroArray(ZeroArray *arr) { + arr->buf[0] = 0; +} + +void testOneArray(OneArray *arr) { + arr->buf[1] = 0; +} + +void testBig(BigArray *arr) { + arr->buf[MAX_SIZE-1] = 0; // GOOD + arr->buf[MAX_SIZE] = 0; // BAD + arr->buf[MAX_SIZE+1] = 0; // BAD + + for(int i = 0; i < MAX_SIZE; i++) { + arr->buf[i] = 0; // GOOD + } + + for(int i = 0; i <= MAX_SIZE; i++) { + arr->buf[i] = 0; // BAD + } +} + +void testFields(ArrayAndFields *arr) { + arr->buf[MAX_SIZE-1] = 0; // GOOD + arr->buf[MAX_SIZE] = 0; // BAD? + arr->buf[MAX_SIZE+1] = 0; // BAD? + + for(int i = 0; i < MAX_SIZE; i++) { + arr->buf[i] = 0; // GOOD + } + + for(int i = 0; i <= MAX_SIZE; i++) { + arr->buf[i] = 0; // BAD? + } + + for(int i = 0; i < MAX_SIZE+2; i++) { + arr->buf[i] = 0; // BAD? + } + // is this different if it's a memcpy? +} + +void assignThroughPointer(int *p) { + *p = 0; // ??? should the result go at a flow source? +} + +void addToPointerAndAssign(int *p) { + p[MAX_SIZE-1] = 0; // GOOD + p[MAX_SIZE] = 0; // BAD +} + +void testInterproc(BigArray *arr) { + assignThroughPointer(&arr->buf[MAX_SIZE-1]); // GOOD + assignThroughPointer(&arr->buf[MAX_SIZE]); // BAD + + addToPointerAndAssign(arr->buf); +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected index af032eb387e..3bb6a86801f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected @@ -1,3 +1,3 @@ | test.cpp:35:3:35:33 | call to runtime_error | Object creation of exception type on stack. Did you forget the throw keyword? | | test.cpp:41:3:41:11 | call to funcTest1 | There is an exception in the function that requires your attention. | -| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exeption not wrapped in a try..catch block. | +| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exception not wrapped in a try..catch block. | diff --git a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql index e8eb7a4a217..d3e44c868cf 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql @@ -17,7 +17,7 @@ class RangeAnalysisTest extends InlineExpectationsTest { tag = "range" and element = e.toString() and location = e.getLocation() and - value = getARangeString(e) + value = quote(getARangeString(e)) ) } } @@ -33,6 +33,9 @@ private string getOffsetString(int value) { if value >= 0 then result = "+" + value.toString() else result = value.toString() } +bindingset[s] +string quote(string s) { if s.matches("% %") then result = "\"" + s + "\"" else result = s } + bindingset[delta] private string getBoundString(SemBound b, int delta) { b instanceof SemZeroBound and result = delta.toString() diff --git a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp new file mode 100644 index 00000000000..38eaeab3b12 --- /dev/null +++ b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp @@ -0,0 +1,999 @@ +#include "test_util.h" + +struct List { + struct List* next; +}; + +int test1(struct List* p) { + int count = 0; + for (; p; p = p->next) { + count = count+1; + range(count); // $ range===count:p+1 range=>=1 + } + range(count); // $ range=>=0 + return count; +} + +int test2(struct List* p) { + int count = 0; + for (; p; p = p->next) { + count = (count+1) % 10; + range(count); // $ range=<=9 + } + range(count); // $ range=<=9 + return count; +} + +int test3(struct List* p) { + int count = 0; + for (; p; p = p->next) { + range(count++); // $ range=<=9 + count = count % 10; + range(count); // $ range=<=9 + } + range(count); // $ range=<=9 + return count; +} + +int test4() { + int i = 0; + int total = 0; + for (i = 0; i < 2; i = i+1) { + range(i); // $ range=<=1 range=>=0 + range(total); + total += i; + range(total); + } + range(total); + range(i); // $ range===2 + range(total + i); // $ range=>=i+1 + return total + i; +} + +int test5() { + int i = 0; + int total = 0; + for (i = 0; i < 2; i++) { + range(i); // $ range=<=1 range=>=0 + range(total); + total += i; + range(total); + } + range(total); + range(i); // $ range===2 + range(total + i); // $ range=>=i+1 + return total + i; +} + +int test6() { + int i = 0; + int total = 0; + for (i = 0; i+2 < 4; i = i+1) { + range(i); // $ range=<=1 range=>=0 + range(total); + total += i; + range(total); + } + return total + i; +} + +int test7(int i) { + if (i < 4) { + if (i < 5) { + range(i); // $ range=<=3 + return i; + } + range(i); // $ range=<=3 range=>=5 + } + range(i); + return 1; +} + +int test8(int x, int y) { + if (-1000 < y && y < 10) { + range(y); // $ range=<=9 range=>=-999 + if (x < y-2) { + range(x); // $ range=<=6 range=<=y-3 + range(y); // $ range=<=9 range=>=-999 range=>=x+3 + return x; + } + range(x); // $ range=>=-1001 range=>=y-2 + range(y); // $ range=<=9 range=<=x+2 range=>=-999 + } + range(x); + range(y); + return y; +} + +int test9(int x, int y) { + if (y == 0) { + if (x < 4) { + range(x); // $ range=<=3 + return 0; + } + range(x); // $ range=>=4 + } else { + if (x < 4) { + range(x); // $ range=<=3 + return 1; + } + range(x); // $ range=>=4 + } + return x; +} + +int test10(int x, int y) { + if (y > 7) { + range(y); // $ range=>=8 + if (x < y) { + range(x); // $ range=<=y-1 + range(y); // $ range=>=8 range=>=x+1 + return 0; + } + range(x); // $ range=>=8 range=>=y+0 + range(y); // $ range=<=x+0 range=>=8 + return x; + } + range(y); // $ range=<=7 + return 1; +} + +int test11(char *p) { + char c; + c = *p; + range(*p); + if (c != '\0') { + *p++ = '\0'; + range(p); // $ range===p+1 + range(*p); + } + if (c == ':') { + range(c); + c = *p; + range(*p); + if (c != '\0') { + range(c); + *p++ = '\0'; + range(p); // $ range=<=p+2 range===c+1 range=>=p+1 + } + if (c != ',') { + return 1; + } + } + return 0; +} + +typedef unsigned long long size_type; + +size_type test12_helper() { + static size_type n = 0; + return n++; +} + +int test12() { + size_type Start = 0; + while (Start <= test12_helper()-1) + { + range(Start); // $ range=>=0 + const size_type Length = test12_helper(); + Start += Length + 1; + range(Start); // $ range=>=1 range=>=Start+1 range=">=call to test12_helper+1" + } + range(Start); // $ range=>=0 + + return 1; +} + +// Tests for overflow conditions. +int test13(char c, int i) { + unsigned char uc = c; + range(uc); + unsigned int x = 0; + unsigned int y = x-1; + range(y); // $ range===-1 + int z = i+1; + range(z); // $ range===i+1 + range(c + i + uc + x + y + z); // $ range=>=1 range=">=... - ...+0" + range((double)(c + i + uc + x + y + z)); // $ range=>=1 range=">=... - ...+0" + return (double)(c + i + uc + x + y + z); +} + +// Regression test for ODASA-6013. +int test14(int x) { + int x0 = (int)(char)x; + range(x0); + int x1 = (int)(unsigned char)x; + range(x1); + int x2 = (int)(unsigned short)x; + range(x2); + int x3 = (int)(unsigned int)x; + range(x3); + char c0 = x; + range(c0); + unsigned short s0 = x; + range(s0); + range(x0 + x1 + x2 + x3 + c0 + s0); + return x0 + x1 + x2 + x3 + c0 + s0; +} + +long long test15(long long x) { + return (x > 0 && (range(x), x == (int)x)) ? // $ range=>=1 + (range(x), x) : // $ range=>=1 + (range(x), -1); +} + +// Tests for unary operators. +int test_unary(int a) { + int total = 0; + + if (3 <= a && a <= 11) { + range(a); // $ range=<=11 range=>=3 + int b = +a; + range(b); // $ range=<=11 range=>=3 + int c = -a; + range(c); + range(b+c); // $ range=<=10 range="<=+ ...:a-1" range=">=- ...+1" + total += b+c; + range(total); + } + if (0 <= a && a <= 11) { + range(a); // $ range=<=11 range=>=0 + int b = +a; + range(b); // $ range=<=11 range=>=0 + int c = -a; + range(c); + range(b+c); // $ range=<=11 range="<=+ ...:a+0" range=">=- ...+0" + total += b+c; + range(total); + } + if (-7 <= a && a <= 11) { + range(a); // $ range=<=11 range=>=-7 + int b = +a; + range(b); // $ range=<=11 range=>=-7 + int c = -a; + range(c); + range(b+c); + total += b+c; + range(total); + } + if (-7 <= a && a <= 1) { + range(a); // $ range=<=1 range=>=-7 + int b = +a; + range(b); // $ range=<=1 range=>=-7 + int c = -a; + range(c); + range(b+c); + total += b+c; + range(total); + } + if (-7 <= a && a <= 0) { + range(a); // $ range=<=0 range=>=-7 + int b = +a; + range(b); // $ range=<=0 range=>=-7 + int c = -a; + range(c); + range(b+c); // $ range="<=- ...+0" range=">=+ ...:a+0" range=>=-7 + total += b+c; + range(total); + } + if (-7 <= a && a <= -2) { + range(a); // $ range=<=-2 range=>=-7 + int b = +a; + range(b); // $ range=<=-2 range=>=-7 + int c = -a; + range(c); + range(b+c); // $ range="<=- ...-1" range=">=+ ...:a+1" range=>=-6 + total += b+c; + range(total); + } + range(total); + return total; +} + + +// Tests for multiplication. +int test_mult01(int a, int b) { + int total = 0; + + if (3 <= a && a <= 11 && 5 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // 15 .. 253 + range(r); + total += r; + range(total); // $ range=>=1 + } + if (3 <= a && a <= 11 && 0 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // 0 .. 253 + range(r); + total += r; + range(total); // $ range=>=0 range=>=3+0 + } + if (3 <= a && a <= 11 && -13 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=-13 + int r = a*b; // -143 .. 253 + range(r); + total += r; + range(total); + } + if (3 <= a && a <= 11 && -13 <= b && b <= 0) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=0 range=>=-13 + int r = a*b; // -143 .. 0 + range(r); + total += r; + range(total); // $ range=<=3+0 + } + if (3 <= a && a <= 11 && -13 <= b && b <= -7) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=-7 range=>=-13 + int r = a*b; // -143 .. -21 + range(r); + total += r; + range(total); // $ range=<=3-1 + } + range(total); // $ range=<=3+0 + return total; +} + +// Tests for multiplication. +int test_mult02(int a, int b) { + int total = 0; + + if (0 <= a && a <= 11 && 5 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=0 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // 0 .. 253 + range(r); + total += r; + range(total); // $ range=>=0 + } + if (0 <= a && a <= 11 && 0 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=0 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // 0 .. 253 + range(r); + total += r; + range(total); // $ range=>=0 range=>=0+0 + } + if (0 <= a && a <= 11 && -13 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=0 + range(b); // $ range=<=23 range=>=-13 + int r = a*b; // -143 .. 253 + range(r); + total += r; + range(total); + } + if (0 <= a && a <= 11 && -13 <= b && b <= 0) { + range(a); // $ range=<=11 range=>=0 + range(b); // $ range=<=0 range=>=-13 + int r = a*b; // -143 .. 0 + range(r); + total += r; + range(total); // $ range=<=0+0 + } + if (0 <= a && a <= 11 && -13 <= b && b <= -7) { + range(a); // $ range=<=11 range=>=0 + range(b); // $ range=<=-7 range=>=-13 + int r = a*b; // -143 .. 0 + range(r); + total += r; + range(total); // $ range=<=0+0 + } + range(total); // $ range=<=0+0 + return total; +} + +// Tests for multiplication. +int test_mult03(int a, int b) { + int total = 0; + + if (-17 <= a && a <= 11 && 5 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=-17 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // -391 .. 253 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= 11 && 0 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=-17 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // -391 .. 253 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= 11 && -13 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=-17 + range(b); // $ range=<=23 range=>=-13 + int r = a*b; // -391 .. 253 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= 11 && -13 <= b && b <= 0) { + range(a); // $ range=<=11 range=>=-17 + range(b); // $ range=<=0 range=>=-13 + int r = a*b; // -143 .. 221 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= 11 && -13 <= b && b <= -7) { + range(a); // $ range=<=11 range=>=-17 + range(b); // $ range=<=-7 range=>=-13 + int r = a*b; // -143 .. 221 + range(r); + total += r; + range(total); + } + range(total); + return total; +} + +// Tests for multiplication. +int test_mult04(int a, int b) { + int total = 0; + + if (-17 <= a && a <= 0 && 5 <= b && b <= 23) { + range(a); // $ range=<=0 range=>=-17 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // -391 .. 0 + total += r; + range(total); // $ range=<=0 + } + if (-17 <= a && a <= 0 && 0 <= b && b <= 23) { + range(a); // $ range=<=0 range=>=-17 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // -391 .. 0 + range(r); + total += r; + range(total); // $ range="<=- ...+0" range=<=0 + } + if (-17 <= a && a <= 0 && -13 <= b && b <= 23) { + range(a); // $ range=<=0 range=>=-17 + range(b); // $ range=<=23 range=>=-13 + int r = a*b; // -391 .. 221 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= 0 && -13 <= b && b <= 0) { + range(a); // $ range=<=0 range=>=-17 + range(b); // $ range=<=0 range=>=-13 + int r = a*b; // 0 .. 221 + range(r); + total += r; + range(total); // $ range=">=- ...+0" + } + if (-17 <= a && a <= 0 && -13 <= b && b <= -7) { + range(a); // $ range=<=0 range=>=-17 + range(b); // $ range=<=-7 range=>=-13 + int r = a*b; // 0 .. 221 + range(r); + total += r; + range(total); // $ range=">=- ...+0" + } + range(total); // $ range=">=- ...+0" + return total; +} + +// Tests for multiplication. +int test_mult05(int a, int b) { + int total = 0; + + if (-17 <= a && a <= -2 && 5 <= b && b <= 23) { + range(a); // $ range=<=-2 range=>=-17 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // -391 .. -10 + range(r); + total += r; + range(total); // $ range=<=-1 + } + if (-17 <= a && a <= -2 && 0 <= b && b <= 23) { + range(a); // $ range=<=-2 range=>=-17 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // -391 .. 0 + range(r); + total += r; + range(total); // $ range="<=- ...+0" range=<=0 + } + if (-17 <= a && a <= -2 && -13 <= b && b <= 23) { + range(a); // $ range=<=-2 range=>=-17 + range(b); // $ range=<=23 range=>=-13 + int r = a*b; // -391 .. 221 + range(r); + total += r; + range(total); + } + if (-17 <= a && a <= -2 && -13 <= b && b <= 0) { + range(a); // $ range=<=-2 range=>=-17 + range(b); // $ range=<=0 range=>=-13 + int r = a*b; // 0 .. 221 + range(r); + total += r; + range(total); // $ range=">=- ...+0" + } + if (-17 <= a && a <= -2 && -13 <= b && b <= -7) { + range(a); // $ range=<=-2 range=>=-17 + range(b); // $ range=<=-7 range=>=-13 + int r = a*b; // 14 .. 221 + range(r); + total += r; + range(total); // $ range=">=- ...+1" + } + range(total); // $ range=">=- ...+0" + return total; +} + +int test16(int x) { + int d, i = 0; + if (x < 0) { + range(x); // $ range=<=-1 + return -1; + } + + while (i < 3) { + range(i); // $ range=<=2 range=>=0 + i++; + range(i); // $ range="==... = ...:i+1" range=<=3 range=>=1 + } + range(d); + d = i; + range(d); // $ range===3 + if (x < 0) { // Comparison is always false. + range(x); // $ range=<=-1 range=>=0 + if (d > -x) { // Unreachable code. + range(d); // $ range===3 + range(x); // $ range=<=-1 range=>=0 + return 1; + } + range(d); // $ range===3 + range(x); // $ range=<=-1 range=>=0 + } + range(x); // $ range=>=0 + return 0; +} + +// Test ternary expression upper bounds. +unsigned int test_ternary01(unsigned int x) { + unsigned int y1, y2, y3, y4, y5, y6, y7, y8; + y1 = x < 100 ? + (range(x), x) : // $ range=<=99 + (range(x), 10); // $ range=>=100 + range(y1); + y2 = x >= 100 ? + (range(x), 10) : // $ range=>=100 + (range(x), x); // $ range=<=99 + range(y2); + y3 = 0; + y4 = 0; + y5 = 0; + y6 = 0; + y7 = 0; + y8 = 0; + if (x < 300) { + range(x); // $ range=<=299 + y3 = x ?: + (range(x), 5); // y3 < 300 + range(y3); + y4 = x ?: + (range(x), 500); // y4 <= 500 + range(y4); + y5 = (x+1) ?: + (range(x), 500); // $ range===-1 + range(y5); // y5 <= 300 + y6 = ((unsigned char)(x+1)) ?: + (range(x), 5); // $ range=<=299 + range(y6); // y6 < 256 + y7 = ((unsigned char)(x+1)) ?: + (range(x), 500); // $ range=<=299 + range(y7); // y7 <= 500 + y8 = ((unsigned short)(x+1)) ?: + (range(x), 500); // $ range=<=299 + range(y8); // y8 <= 300 + } + range(y1 + y2 + y3 + y4 + y5 + y6 + y7 + y8); // $ range=">=... = ...:... ? ... : ...+0" range=">=call to range+0" + return y1 + y2 + y3 + y4 + y5 + y6 + y7 + y8; +} + +// Test ternary expression lower bounds. +unsigned int test_ternary02(unsigned int x) { + unsigned int y1, y2, y3, y4, y5; + y1 = x > 100 ? + (range(x), x) : // $ range=>=101 + (range(x), 110); // $ range=<=100 + range(y1); // y1 > 100 + y2 = x <= 100 ? + (range(x), 110) : // $ range=<=100 + (range(x), x); // $ range=>=101 + range(y2); // y2 > 100 + y3 = 1000; + y4 = 1000; + y5 = 1000; + if (x >= 300) { + range(x); // $ range=>=300 + y3 = (x-300) ?: + (range(x), 5); // $ range===300 + range(y3); // y3 >= 0 + y4 = (x-200) ?: + (range(x), 5); // $ range=<=200 range=>=300 + range(y4); // y4 >= 100 + y5 = ((unsigned char)(x-200)) ?: + (range(x), 5); // $ range=>=300 + range(y5); // y6 >= 0 + } + range(y1 + y2 + y3 + y4 + y5); // $ range=">=... = ...:... ? ... : ...+0" range=">=call to range+0" + return y1 + y2 + y3 + y4 + y5; +} + +// Test the comma expression. +unsigned int test_comma01(unsigned int x) { + unsigned int y = x < 100 ? + (range(x), x) : // $ range=<=99 + (range(x), 100); // $ range=>=100 + unsigned int y1; + unsigned int y2; + y1 = (++y, y); + range(y1); // $ range="==... ? ... : ...+1" + y2 = (y++, + range(y), // $ range="==++ ...:... = ...+1" range="==... ? ... : ...+2" + y += 3, + range(y), // $ range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5" + y); + range(y2); // $ range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5" + range(y1 + y2); // $ range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6" + return y1 + y2; +} + +void test17() { + int i, j; + + i = 10; + range(i); // $ range===10 + + i = 10; + i += 10; + range(i); // $ range===20 + + i = 40; + i -= 10; + range(i); // $ range===30 + + i = j = 40; + range(i); // $ range===40 + + i = (j += 10); + range(i); // $ range===50 + + i = 20 + (j -= 10); + range(i); // $ range="==... += ...:... = ...+10" range===60 +} + +// Tests for unsigned multiplication. +int test_unsigned_mult01(unsigned int a, unsigned b) { + int total = 0; + + if (3 <= a && a <= 11 && 5 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=5 + int r = a*b; // 15 .. 253 + range(r); + total += r; + range(total); // $ range=>=1 + } + if (3 <= a && a <= 11 && 0 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=0 + int r = a*b; // 0 .. 253 + range(r); + total += r; + range(total); // $ range=">=(unsigned int)...+0" range=>=0 + } + if (3 <= a && a <= 11 && 13 <= b && b <= 23) { + range(a); // $ range=<=11 range=>=3 + range(b); // $ range=<=23 range=>=13 + int r = a*b; // 39 .. 253 + range(r); + total += r; + range(total); // $ range=">=(unsigned int)...+1" range=>=1 + } + range(total); // $ range=">=(unsigned int)...+0" range=>=0 + return total; +} + +int test_unsigned_mult02(unsigned b) { + int total = 0; + + if (5 <= b && b <= 23) { + range(b); // $ range=<=23 range=>=5 + int r = 11*b; // 55 .. 253 + range(r); + total += r; + range(total); // $ range=>=1 + } + if (0 <= b && b <= 23) { + range(b); // $ range=<=23 range=>=0 + int r = 11*b; // 0 .. 253 + range(r); + total += r; + range(total); // $ range=">=(unsigned int)...+0" range=>=0 + } + if (13 <= b && b <= 23) { + range(b); // $ range=<=23 range=>=13 + int r = 11*b; // 143 .. 253 + range(r); + total += r; + range(total); // $ range=">=(unsigned int)...+1" range=>=1 + } + range(total); // $ range=">=(unsigned int)...+0" range=>=0 + return total; +} + +unsigned long mult_rounding() { + unsigned long x, y, xy; + x = y = 1000000003UL; // 1e9 + 3 + range(y); // $ range===1000000003 + range(x); // $ range===1000000003 + xy = x * y; + range(xy); + return xy; // BUG: upper bound should be >= 1000000006000000009UL +} + +unsigned long mult_overflow() { + unsigned long x, y, xy; + x = 274177UL; + range(x); // $ range===274177 + y = 67280421310721UL; + range(y); + xy = x * y; + range(xy); + return xy; // BUG: upper bound should be >= 18446744073709551617UL +} + +unsigned long mult_lower_bound(unsigned int ui, unsigned long ul) { + if (ui >= 10) { + range(ui); // $ range=>=10 + range((unsigned long)ui); // $ range=>=10 + unsigned long result = (unsigned long)ui * ui; + range(result); + return result; // BUG: upper bound should be >= 18446744065119617025 + } + if (ul >= 10) { + range(ul); // $ range=>=10 + unsigned long result = ul * ul; + range(result); + return result; // BUG: lower bound should be 0 (overflow is possible) + } + return 0; +} + +unsigned long mul_assign(unsigned int ui) { + if (ui <= 10 && ui >= 2) { + range(ui); // $ range=<=10 range=>=2 + ui *= ui + 0; + range(ui); + return ui; // 4 .. 100 + } + + unsigned int uiconst = 10; + range(uiconst); // $ range===10 + uiconst *= 4; + range(uiconst); // $ range===40 + + unsigned long ulconst = 10; + range(ulconst); // $ range===10 + ulconst *= 4; + range(ulconst); // $ range===40 + range(uiconst + ulconst); // $ range=">=... *= ...+1" range=>=41 + return uiconst + ulconst; // 40 .. 40 for both +} + +int mul_by_constant(int i, int j) { + if (i >= -1 && i <= 2) { + range(i); // $ range=<=2 range=>=-1 + i = 5 * i; + range(i); // $ range=<=10 range=>=-5 + + i = i * -3; + range(i); // -30 .. 15 + + i *= 7; + range(i); // -210 .. 105 + + i *= -11; + range(i); // -1155 .. 2310 + } + if (i == -1) { + range(i); // $ range===-1 + range((int)0xffFFffFF); // $ range===-1 + i = i * (int)0xffFFffFF; // fully converted literal is -1 + range(i); // 1 .. 1 + } + i = i * -1; + range( i); // -2^31 .. 2^31-1 + + signed char sc = 1; + range(sc); // $ range===1 + i = (*&sc *= 2); + range(sc); // $ range===2 + range(i); // $ range===2 + + return 0; +} + + +int notequal_type_endpoint(unsigned n) { + range(n); // 0 .. + + if (n > 0) { + range(n); // $ range=>=1 + } + + if (n != 0) { + range(n); // 1 .. + } else { + range(n); // 0 .. 0 + } + + if (!n) { + range(n); // 0 .. 0 + } else { + range(n); // 1 .. + } + + while (n != 0) { + n--; // 1 .. + } + + range(n); // $ range=<=n+0 // 0 .. 0 +} + +void notequal_refinement(short n) { + if (n < 0) { + range(n); + return; + } + + if (n == 0) { + range(n); // 0 .. 0 + } else { + range(n); // 1 .. + } + + if (n) { + range(n); // 1 .. + } else { + range(n); // 0 .. 0 + } + + while (n != 0) { + range(n); // $ range=<=n+0 + n--; // 1 .. + } + + range(n); // $ range=<=n+0 // 0 .. 0 +} + +void notequal_variations(short n, float f) { + if (n != 0) { + if (n >= 0) { + range(n); // 1 .. [BUG: we can't handle `!=` coming first] + } + } + + if (n >= 5) { + if (2 * n - 10 == 0) { // Same as `n == 10/2` (modulo overflow) + range(n); + return; + } + range(n); // 6 .. + } + + if (n != -32768 && n != -32767) { + range(n); // -32766 .. + } + + if (n >= 0) { + n ? (range(n), n) : (range(n), n); // ? 1.. : 0..0 + !n ? (range(n), n) : (range(n), n); // ? 0..0 : 1.. + } +} + +void two_bounds_from_one_test(short ss, unsigned short us) { + // These tests demonstrate how the range analysis is often able to deduce + // both an upper bound and a lower bound even when there is only one + // inequality in the source. For example `signedInt < 4U` establishes that + // `signedInt >= 0` since if `signedInt` were negative then it would be + // greater than 4 in the unsigned comparison. + + if (ss < sizeof(int)) { // Lower bound added in `linearBoundFromGuard` + range(ss); // 0 .. 3 + } + + if (ss < 0x8001) { // Lower bound removed in `getDefLowerBounds` + range(ss); // -32768 .. 32767 + } + + if ((short)us >= 0) { + range(us); // 0 .. 32767 + } + + if ((short)us >= -1) { + range(us); // 0 .. 65535 + } + + if (ss >= sizeof(int)) { // test is true for negative numbers + range(ss); // -32768 .. 32767 + } + + if (ss + 1 < sizeof(int)) { + range(ss); // -1 .. 2 + } +} + +void widen_recursive_expr() { + int s; + for (s = 0; s < 10; s++) { + range(s); // $ range=<=9 range=>=0 + int result = s + s; + range(result); // 0 .. 18 + } +} + +void guard_bound_out_of_range(void) { + int i = 0; + if (i < 0) { + range(i); // unreachable [BUG: is -max .. +max] + } + + unsigned int u = 0; + if (u < 0) { + range(u); // unreachable [BUG: is 0 .. +max] + } +} + +void test_mod(int s) { + int s2 = s % 5; + range(s2); // $ range=<=4 // -4 .. 4 +} + +void exit(int); +void guard_with_exit(int x, int y) { + if (x) { + if (y != 0) { + exit(0); + } + } + range(y); // .. + + // This test ensures that we correctly identify + // that the upper bound for y is max_int when calling `range(y)`. +} + +void test(int x) { + if (x >= 10) { + range(x); // $ range=>=10 + return; + } + // The basic below has two predecessors. +label: + range(x); // $ range=<=9 + goto label; +} + +void test_overflow() { + const int x = 2147483647; // 2^31-1 + range(x); + const int y = 256; + range(y); + if ((x + y) <= 512) { + range(x); + range(y); + range(x + y); // $ range===-2147483393 + } +} diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 2c819885b13..5290fffc8fd 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -1,4 +1,4 @@ -template void range(T value); +#include "test_util.h" int f1(int x, int y) { if (x < 500) { if (x > 400) { diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test_util.h b/cpp/ql/test/library-tests/ir/range-analysis/test_util.h new file mode 100644 index 00000000000..3947dde3533 --- /dev/null +++ b/cpp/ql/test/library-tests/ir/range-analysis/test_util.h @@ -0,0 +1 @@ +template void range(T value); \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Best Practices/Hiding/LocalVariableHidesGlobalVariable/LocalVariableHidesGlobalVariable.expected b/cpp/ql/test/query-tests/Best Practices/Hiding/LocalVariableHidesGlobalVariable/LocalVariableHidesGlobalVariable.expected index 1ad05dacf8b..d79adba14e4 100644 --- a/cpp/ql/test/query-tests/Best Practices/Hiding/LocalVariableHidesGlobalVariable/LocalVariableHidesGlobalVariable.expected +++ b/cpp/ql/test/query-tests/Best Practices/Hiding/LocalVariableHidesGlobalVariable/LocalVariableHidesGlobalVariable.expected @@ -1,5 +1,5 @@ -| Hiding.c:22:25:22:26 | definition of gi | Local variable gi hides $@ with the same name. | Hiding.c:2:5:2:6 | gi | a global variable | -| Hiding.c:23:25:23:26 | definition of gj | Local variable gj hides $@ with the same name. | Hiding.c:3:12:3:13 | gj | a global variable | -| Hiding.c:24:25:24:26 | definition of gk | Local variable gk hides $@ with the same name. | Hiding.c:4:12:4:13 | gk | a global variable | -| Hiding.c:37:20:37:21 | definition of g3 | Parameter g3 hides $@ with the same name. | Hiding.c:33:13:33:14 | g3 | a global variable | -| Hiding.c:40:20:40:21 | definition of g5 | Parameter g5 hides $@ with the same name. | Hiding.c:33:21:33:22 | g5 | a global variable | +| Hiding.c:22:25:22:26 | definition of gi | Local variable gi hides a $@ with the same name. | Hiding.c:2:5:2:6 | gi | global variable | +| Hiding.c:23:25:23:26 | definition of gj | Local variable gj hides a $@ with the same name. | Hiding.c:3:12:3:13 | gj | global variable | +| Hiding.c:24:25:24:26 | definition of gk | Local variable gk hides a $@ with the same name. | Hiding.c:4:12:4:13 | gk | global variable | +| Hiding.c:37:20:37:21 | definition of g3 | Parameter g3 hides a $@ with the same name. | Hiding.c:33:13:33:14 | g3 | global variable | +| Hiding.c:40:20:40:21 | definition of g5 | Parameter g5 hides a $@ with the same name. | Hiding.c:33:21:33:22 | g5 | global variable | diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected new file mode 100644 index 00000000000..e993345aa39 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected @@ -0,0 +1,5 @@ +| test.cpp:49:2:49:8 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:52:2:52:15 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:160:3:160:9 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:166:5:166:7 | ... ++ | The indentation level may be misleading for some tab sizes. | +| test.cpp:176:6:178:6 | ... ? ... : ... | The indentation level may be misleading for some tab sizes. | diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref new file mode 100644 index 00000000000..02b5f38e358 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref @@ -0,0 +1 @@ +Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp new file mode 100644 index 00000000000..dbf792db338 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp @@ -0,0 +1,208 @@ +// clang-format off + +typedef unsigned size_t; + +struct X { + int foo(int y) { return y; } +} x; + +#define FOO(x) ( \ + (x), \ + (x) \ +) + +#define BAR(x, y) ((x), (y)) + +#define BAZ //printf + +struct Foo { + int i, i_array[3]; + int j; + virtual int foo(int) = 0; + virtual int bar(int, int) = 0; + int test(int (*baz)(int)); + + struct Tata { + struct Titi { + void tutu() {} + long toto() { return 42; } + } titi; + + Titi *operator->() { return &titi; } + } *tata; +}; + +int Foo::test(int (*baz)(int)) +{ + // Comma in simple if statement (prototypical example): + + if (i) + (void)i, // GOOD + j++; + + if (i) + this->foo(i), // GOOD + foo(i); + + if (i) + (void)i, // BAD + (void)j; + + if (1) FOO(i), + (void)x.foo(j); // BAD + + // Parenthesized comma (borderline example): + + foo(i++), j++; // GOOD + (foo(i++), j++); // GOOD + (foo(i++), // GOOD + j++); + (foo(i++), + foo(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + x.foo(i++), j++; // GOOD + (x.foo(i++), j++); // GOOD + (x.foo(i++), // GOOD + j++); + (x.foo(i++), + x.foo(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + FOO(i++), j++; // GOOD + (FOO(i++), j++); // GOOD + (FOO(i++), // GOOD + j++); + (FOO(i++), + FOO(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + (void)(i++), j++; // GOOD + ((void)(i++), j++); // GOOD + ((void)(i++), // GOOD + j++); + ((void)(i++), + (void)(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + // Comma in argument list doesn't count: + + bar(i++, j++); // GOOD + bar(i++, + j++); // GOOD + bar(i++ + , j++); // GOOD + bar(i++, + j++); // GOOD: common pattern and unlikely to be misread. + + BAR(i++, j++); // GOOD + BAR(i++, + j++); // GOOD + BAR(i++ + , j++); // GOOD + BAR(i++, + j++); // GOOD: common pattern and unlikely to be misread. + + using T = decltype(x.foo(i++), // GOOD + j++); + (void)sizeof(x.foo(i++), // GOOD + j++); + using U = decltype(x.foo(i++), // GOOD? Unlikely to be misread + j++); + (void)sizeof(x.foo(i++), // GOOD? Unlikely to be misread + j++); + + BAZ("%d %d\n", i, + j); // GOOD -- Currently explicitly excluded + + // Comma in loops + + while (i = foo(j++), // GOOD + i != j && i != 42 && + !foo(j)) { + i = j = i + j; + } + + while (i = foo(j++), // GOOD??? Currently ignoring loop heads + i != j && i != 42 && !foo(j)) { + i = j = i + j; + } + + for (i = 0, // GOOD? Currently ignoring loop heads. + j = 1; + i + j < 10; + i++, j++); + + for (i = 0, + j = 1; i < 10; i += 2, // GOOD? Currently ignoring loop heads. + j++) {} + + // Comma in if-conditions: + + if (i = foo(j++), + i == j) // GOOD(?) -- Currently ignoring if-conditions for the same reason as other parenthesized commas. + i = 0; + + // Mixed tabs and spaces (ugly case): + + for (i = 0, // GOOD if tab >= 4 spaces else BAD -- Currently ignoring loop heads. + j = 0; + i + j < 10; + i++, // GOOD if tab >= 4 spaces else BAD -- Currently ignoring loop heads. + j++); + + if (i) + (void)i, // GOOD if tab >= 4 spaces else BAD -- can't exclude w/o source code text :/ + (void)j; + + // LHS ends on same line RHS begins on: + + if (1) foo( + i++ + ), j++; // GOOD? [FALSE POSITIVE] + + if (1) baz( + i++ + ), j++; // GOOD... when calling a function pointer..!? + + // Weird cases: + + if (foo(j)) + return i++ + , i++ // GOOD(?) [FALSE POSITIVE] -- can't exclude w/o source code text :/ + ? 1 + : 2; + + int quux = + (tata->titi.tutu(), + foo(tata->titi.toto())); // GOOD + + (*tata)->toto(), // GOOD + i_array[i] += (int)(*tata)->toto(); + + return quux; +} + +// Comma in variadic template splice: + +namespace std { + template + struct index_sequence {}; +} + +template +struct zip_index {}; + +template +int& at(zip_index) { throw 1; } + +template +void for_each_input(Fn&& fn, std::index_sequence) { + (fn(zip_index{}, at(zip_index{})), ...); // GOOD +} + +// clang-format on diff --git a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c new file mode 100644 index 00000000000..66eedf743fb --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c @@ -0,0 +1,15 @@ +// semmle-extractor-options: --expect_errors + +static void my_function1_called() {} // GOOD +static void my_function2_called_after_error() {} // GOOD +static void my_function3_not_called() {} // BAD [NOT DETECTED] + +int main(void) { + my_function1_called(); + +--- compilation stops here because this line is not valid C code --- + + my_function2_called_after_error(); + + return 0; +} diff --git a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp index 2984d8f0b1a..c0d83b52a57 100644 --- a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp +++ b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp @@ -33,3 +33,16 @@ static void f6(void); static void f5(void) { f6(); } static void f6(void) { f5(); } +// f7 and f8 are reachable from `function_caller` +static int f7() { return 1; } // GOOD +static void f8() { } // GOOD + +void function_caller() +{ + auto my_lambda = []() { + return f7(); + }(); + + f8(); +} + diff --git a/cpp/ql/test/query-tests/Likely Bugs/ShortLoopVarName/ShortLoopVarName.expected b/cpp/ql/test/query-tests/Likely Bugs/ShortLoopVarName/ShortLoopVarName.expected index 16c5690bf75..22b1f8f4456 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/ShortLoopVarName/ShortLoopVarName.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/ShortLoopVarName/ShortLoopVarName.expected @@ -1,4 +1,4 @@ -| ShortLoopVarName.cpp:6:6:6:6 | i | Iteration variable i for $@ should have a descriptive name, since there is $@. | ShortLoopVarName.cpp:12:2:18:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:14:3:17:3 | for(...;...;...) ... | a nested loop | -| ShortLoopVarName.cpp:30:13:30:13 | a | Iteration variable a for $@ should have a descriptive name, since there is $@. | ShortLoopVarName.cpp:30:2:38:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:34:3:37:3 | for(...;...;...) ... | a nested loop | -| ShortLoopVarName.cpp:73:11:73:11 | y | Iteration variable y for $@ should have a descriptive name, since there is $@. | ShortLoopVarName.cpp:73:2:80:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:75:3:79:3 | for(...;...;...) ... | a nested loop | -| ShortLoopVarName.cpp:96:12:96:12 | i | Iteration variable i for $@ should have a descriptive name, since there is $@. | ShortLoopVarName.cpp:96:3:102:3 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:98:4:101:4 | for(...;...;...) ... | a nested loop | +| ShortLoopVarName.cpp:6:6:6:6 | i | Iteration variable i for $@ should have a descriptive name, since there is a $@. | ShortLoopVarName.cpp:12:2:18:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:14:3:17:3 | for(...;...;...) ... | nested loop | +| ShortLoopVarName.cpp:30:13:30:13 | a | Iteration variable a for $@ should have a descriptive name, since there is a $@. | ShortLoopVarName.cpp:30:2:38:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:34:3:37:3 | for(...;...;...) ... | nested loop | +| ShortLoopVarName.cpp:73:11:73:11 | y | Iteration variable y for $@ should have a descriptive name, since there is a $@. | ShortLoopVarName.cpp:73:2:80:2 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:75:3:79:3 | for(...;...;...) ... | nested loop | +| ShortLoopVarName.cpp:96:12:96:12 | i | Iteration variable i for $@ should have a descriptive name, since there is a $@. | ShortLoopVarName.cpp:96:3:102:3 | for(...;...;...) ... | this loop | ShortLoopVarName.cpp:98:4:101:4 | for(...;...;...) ... | nested loop | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/UnterminatedVarargsCall.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/UnterminatedVarargsCall.expected index e1b64faea28..2cf386e2f41 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/UnterminatedVarargsCall.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/UnterminatedVarargsCall.expected @@ -1,9 +1,9 @@ -| more_tests.cpp:23:2:23:12 | call to myFunction2 | Calls to $@ should use the value -1 as a terminator (4 calls do). | more_tests.cpp:5:6:5:16 | myFunction2 | myFunction2 | -| more_tests.cpp:34:2:34:12 | call to myFunction4 | Calls to $@ should use the value 0 as a terminator (3 calls do). | more_tests.cpp:7:6:7:16 | myFunction4 | myFunction4 | -| more_tests.cpp:44:2:44:12 | call to myFunction6 | Calls to $@ should use the value 0 as a terminator (3 calls do). | more_tests.cpp:9:6:9:16 | myFunction6 | myFunction6 | -| more_tests.cpp:55:2:55:12 | call to myFunction7 | Calls to $@ should use the value 0 as a terminator (7 calls do). | more_tests.cpp:10:6:10:16 | myFunction7 | myFunction7 | -| more_tests.cpp:56:2:56:12 | call to myFunction7 | Calls to $@ should use the value 0 as a terminator (7 calls do). | more_tests.cpp:10:6:10:16 | myFunction7 | myFunction7 | -| tests.c:34:2:34:3 | call to f1 | Calls to $@ should use the value 0 as a terminator (4 calls do). | tests.c:4:6:4:7 | f1 | f1 | -| tests.c:67:2:67:3 | call to f6 | Calls to $@ should use the value -1 as a terminator (3 calls do). | tests.c:24:6:24:7 | f6 | f6 | -| tests.c:68:2:68:3 | call to f6 | Calls to $@ should use the value -1 as a terminator (3 calls do). | tests.c:24:6:24:7 | f6 | f6 | -| tests.c:73:2:73:3 | call to f7 | Calls to $@ should use the value 0 as a terminator (3 calls do). | tests.c:28:6:28:7 | f7 | f7 | +| more_tests.cpp:25:2:25:12 | call to myFunction2 | Calls to $@ should use the value -1 as a terminator (5 of 6 calls do). | more_tests.cpp:5:6:5:16 | myFunction2 | myFunction2 | +| more_tests.cpp:39:2:39:12 | call to myFunction4 | Calls to $@ should use the value 0 as a terminator (5 of 6 calls do). | more_tests.cpp:7:6:7:16 | myFunction4 | myFunction4 | +| more_tests.cpp:49:2:49:12 | call to myFunction6 | Calls to $@ should use the value 0 as a terminator (5 of 6 calls do). | more_tests.cpp:9:6:9:16 | myFunction6 | myFunction6 | +| more_tests.cpp:64:2:64:12 | call to myFunction7 | Calls to $@ should use the value 0 as a terminator (9 of 11 calls do). | more_tests.cpp:10:6:10:16 | myFunction7 | myFunction7 | +| more_tests.cpp:65:2:65:12 | call to myFunction7 | Calls to $@ should use the value 0 as a terminator (9 of 11 calls do). | more_tests.cpp:10:6:10:16 | myFunction7 | myFunction7 | +| tests.c:34:2:34:3 | call to f1 | Calls to $@ should use the value 0 as a terminator (4 of 5 calls do). | tests.c:4:6:4:7 | f1 | f1 | +| tests.c:78:2:78:3 | call to f6 | Calls to $@ should use the value -1 as a terminator (10 of 12 calls do). | tests.c:24:6:24:7 | f6 | f6 | +| tests.c:79:2:79:3 | call to f6 | Calls to $@ should use the value -1 as a terminator (10 of 12 calls do). | tests.c:24:6:24:7 | f6 | f6 | +| tests.c:84:2:84:3 | call to f7 | Calls to $@ should use the value 0 as a terminator (12 of 13 calls do). | tests.c:28:6:28:7 | f7 | f7 | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/more_tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/more_tests.cpp index a8c34fb490a..d6c9a3915e7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/more_tests.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/more_tests.cpp @@ -13,27 +13,32 @@ int main() { int x; - myFunction1("%i", 0); // not common enough to be assumed a terminator + myFunction1("%i", 0); // GOOD: not common enough to be assumed a terminator + myFunction1("%i", 0); myFunction1("%i", x); myFunction2(-1); myFunction2(0, -1); myFunction2(0, 1, -1); myFunction2(0, 1, 2, -1); - myFunction2(0, 1, 2, 3); // missing terminator + myFunction2(0, 1, 2, 3, -1); + myFunction2(0, 1, 2, 3, 4); // BAD: missing terminator myFunction3(-1); myFunction3(0, -1); - myFunction3(-1, 1, -1); // -1 isn't a terminator because it's used in a non-terminal position + myFunction3(-1, 1, -1); // GOOD: -1 isn't a terminator because it's used in a non-terminal position myFunction3(0, 1, 2, -1); - myFunction3(0, 1, 2, 3); + myFunction3(0, 1, 2, 3, -1); + myFunction3(0, 1, 2, 3, 4); myFunction4(x, x, 0); myFunction4(0, x, 1, 0); myFunction4(0, 0, 1, 1, 0); - myFunction4(x, 0, 1, 1, 1); // missing terminator + myFunction4(0, x, 1, 1, 1, 0); + myFunction4(0, 0, 1, 1, 1, 1, 0); + myFunction4(x, 0, 1, 1, 1, 1, 1); // BAD: missing terminator - myFunction5('a', 'b', 'c', 0); // ambiguous terminator + myFunction5('a', 'b', 'c', 0); // GOOD: ambiguous terminator myFunction5('a', 'b', 'c', 0); myFunction5('a', 'b', 'c', 0); myFunction5('a', 'b', 'c', -1); @@ -41,19 +46,23 @@ int main() myFunction5('a', 'b', 'c', -1); myFunction6(0.0); - myFunction6(1.0); // missing terminator + myFunction6(1.0); // BAD: missing terminator myFunction6(1.0, 2.0, 0.0); myFunction6(1.0, 2.0, 3.0, 0.0); + myFunction6(1.0, 2.0, 3.0, 4.0, 0.0); + myFunction6(1.0, 2.0, 3.0, 4.0, 5.0, 0.0); myFunction7(NULL); myFunction7("hello", "world", NULL); myFunction7("apple", "banana", "pear", "mango", NULL); myFunction7("dog", "cat", "elephant", "badger", "fish", NULL); myFunction7("one", "two", "three", 0); + myFunction7("four", "five", "six", 0); + myFunction7("seven", "eight", "nine", 0); myFunction7("alpha", "beta", "gamma", 0); myFunction7("", 0); - myFunction7("yes", "no"); // missing terminator - myFunction7(); // missing terminator + myFunction7("yes", "no"); // BAD: missing terminator + myFunction7(); // BAD: missing terminator return 0; } \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/tests.c b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/tests.c index a02a6e02b56..f89d19cf3c7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/tests.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-121/semmle/tests/tests.c @@ -42,6 +42,7 @@ int main(int argc, char *argv[]) // GOOD: 0 is not common enough to be sure it's a terminator f3("", 0); + f3("", 0); f3("", 10); // GOOD: -1 is not common enough to be sure it's a terminator @@ -50,6 +51,9 @@ int main(int argc, char *argv[]) f4("", -1); f4("", -1); f4("", -1); + f4("", -1); + f4("", -1); + f4("", -1); f4("", 1); // GOOD: no obvious required terminator @@ -61,16 +65,32 @@ int main(int argc, char *argv[]) f5("", 0); f5("", 10); - f6("fsdf", 3, 8, -1); - f6("a", 7, 9, 10, -1); - f6("a", 1, 22, 6, 17, 2, -1); - f6("fgasfgas", 5, 6, argc); // BAD: not (necessarily) terminated with -1 - f6("sadfsaf"); // BAD: not terminated with -1 + f6("a", 3, 8, -1); + f6("b", 7, 9, 10, -1); + f6("c", 1, 22, 6, 17, 2, -1); + f6("d", 1, -1); + f6("e", 1, 2, -1); + f6("f", 1, 2, 3, -1); + f6("g", 1, 2, 3, 4, -1); + f6("h", 5, -1); + f6("i", 5, 6, -1); + f6("j", 5, 6, 7, -1); + f6("k", 5, 6, argc); // BAD: not (necessarily) terminated with -1 + f6("l"); // BAD: not terminated with -1 f7("", 0); f7("", 0); f7("", 0); f7(""); // BAD: not terminated with 0 + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); + f7("", 0); return 0; } \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected index b672d501c5e..3834d769463 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected @@ -52,27 +52,27 @@ nodes | examples.cpp:38:9:38:12 | data | semmle.label | data | subpaths #select -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | -| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | Arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | +| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected index efec436a131..011f8f73819 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected @@ -92,31 +92,31 @@ nodes | test.cpp:219:8:219:8 | x | semmle.label | x | subpaths #select -| test.c:21:17:21:17 | r | test.c:18:13:18:16 | call to rand | test.c:21:17:21:17 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:18:13:18:16 | call to rand | uncontrolled value | -| test.c:35:5:35:5 | r | test.c:34:13:34:18 | call to rand | test.c:35:5:35:5 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:34:13:34:18 | call to rand | uncontrolled value | -| test.c:45:5:45:5 | r | test.c:44:13:44:16 | call to rand | test.c:45:5:45:5 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:44:13:44:16 | call to rand | uncontrolled value | -| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | uncontrolled value | -| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | uncontrolled value | -| test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:14:81:17 | call to rand | uncontrolled value | -| test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:23:81:26 | call to rand | uncontrolled value | -| test.c:127:9:127:9 | r | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:125:13:125:16 | call to rand | uncontrolled value | -| test.c:133:5:133:5 | r | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:131:13:131:16 | call to rand | uncontrolled value | -| test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | uncontrolled value | -| test.c:157:9:157:9 | r | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r | Arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value | -| test.c:157:9:157:9 | r | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | Arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value | -| test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | uncontrolled value | -| test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | uncontrolled value | -| test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | uncontrolled value | -| test.cpp:90:10:90:10 | x | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:86:10:86:13 | call to rand | uncontrolled value | -| test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | uncontrolled value | -| test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | uncontrolled value | -| test.cpp:154:10:154:10 | b | test.cpp:151:10:151:13 | call to rand | test.cpp:154:10:154:10 | b | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:151:10:151:13 | call to rand | uncontrolled value | -| test.cpp:171:11:171:16 | (int)... | test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | (int)... | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value | -| test.cpp:171:16:171:16 | y | test.cpp:169:11:169:14 | call to rand | test.cpp:171:16:171:16 | y | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value | -| test.cpp:196:7:196:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:196:7:196:7 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | -| test.cpp:198:7:198:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:198:7:198:7 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | -| test.cpp:199:7:199:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:199:7:199:7 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | -| test.cpp:204:7:204:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:204:7:204:7 | y | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | -| test.cpp:205:7:205:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:205:7:205:7 | y | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | -| test.cpp:208:7:208:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:208:7:208:7 | y | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | -| test.cpp:219:8:219:8 | x | test.cpp:215:11:215:14 | call to rand | test.cpp:219:8:219:8 | x | Arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:215:11:215:14 | call to rand | uncontrolled value | +| test.c:21:17:21:17 | r | test.c:18:13:18:16 | call to rand | test.c:21:17:21:17 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:18:13:18:16 | call to rand | uncontrolled value | +| test.c:35:5:35:5 | r | test.c:34:13:34:18 | call to rand | test.c:35:5:35:5 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:34:13:34:18 | call to rand | uncontrolled value | +| test.c:45:5:45:5 | r | test.c:44:13:44:16 | call to rand | test.c:45:5:45:5 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:44:13:44:16 | call to rand | uncontrolled value | +| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | uncontrolled value | +| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | uncontrolled value | +| test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:14:81:17 | call to rand | uncontrolled value | +| test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:23:81:26 | call to rand | uncontrolled value | +| test.c:127:9:127:9 | r | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:125:13:125:16 | call to rand | uncontrolled value | +| test.c:133:5:133:5 | r | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:131:13:131:16 | call to rand | uncontrolled value | +| test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | uncontrolled value | +| test.c:157:9:157:9 | r | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r | This arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value | +| test.c:157:9:157:9 | r | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | This arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value | +| test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | uncontrolled value | +| test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | uncontrolled value | +| test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | uncontrolled value | +| test.cpp:90:10:90:10 | x | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:86:10:86:13 | call to rand | uncontrolled value | +| test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | uncontrolled value | +| test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | uncontrolled value | +| test.cpp:154:10:154:10 | b | test.cpp:151:10:151:13 | call to rand | test.cpp:154:10:154:10 | b | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:151:10:151:13 | call to rand | uncontrolled value | +| test.cpp:171:11:171:16 | (int)... | test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | (int)... | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value | +| test.cpp:171:16:171:16 | y | test.cpp:169:11:169:14 | call to rand | test.cpp:171:16:171:16 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value | +| test.cpp:196:7:196:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:196:7:196:7 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | +| test.cpp:198:7:198:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:198:7:198:7 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | +| test.cpp:199:7:199:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:199:7:199:7 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value | +| test.cpp:204:7:204:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:204:7:204:7 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | +| test.cpp:205:7:205:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:205:7:205:7 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | +| test.cpp:208:7:208:7 | y | test.cpp:190:10:190:13 | call to rand | test.cpp:208:7:208:7 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:190:10:190:13 | call to rand | uncontrolled value | +| test.cpp:219:8:219:8 | x | test.cpp:215:11:215:14 | call to rand | test.cpp:219:8:219:8 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:215:11:215:14 | call to rand | uncontrolled value | diff --git a/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs b/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs index 5ce1a58491f..a2fb43759df 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs @@ -218,7 +218,7 @@ namespace Semmle.Extraction.CIL public PdbSourceFile CreateSourceFile(PDB.ISourceFile file) => sourceFiles[file]; /// - /// Creates a folder entitiy with the given path. + /// Creates a folder entity with the given path. /// /// The path of the folder. /// A folder entity. diff --git a/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs b/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs index 8f3d340d104..de563080d4b 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs @@ -5,7 +5,7 @@ namespace Semmle.Extraction.CIL { /// /// An entity that has contents to extract. There is no need to populate - /// a key as it's done in the contructor. + /// a key as it's done in the constructor. /// internal abstract class UnlabelledEntity : Extraction.UnlabelledEntity, IExtractedEntity { diff --git a/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs b/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs index 1e2cc7aacac..37c0af7702b 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs @@ -1,7 +1,7 @@ namespace Semmle.Extraction.CIL.Entities { /// - /// An entity represting a member. + /// An entity representing a member. /// Used to type tuples correctly. /// internal interface IMember : IExtractedEntity diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs index e03f945175b..bf7c2ca42b1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs @@ -66,7 +66,7 @@ namespace Semmle.Extraction.CSharp.Entities } /// - /// The location which is stored in the database and is used when highlighing source code. + /// The location which is stored in the database and is used when highlighting source code. /// It's generally short, e.g. a method name. /// public override Microsoft.CodeAnalysis.Location? ReportingLocation => Symbol.Locations.FirstOrDefault(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs index b578f51e0e0..e18d72350d8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs @@ -42,7 +42,7 @@ namespace Semmle.Extraction.CSharp.Entities } else { - Context.ModelError(Symbol, $"Undhandled event accessor kind {Symbol.ToDisplayString()}"); + Context.ModelError(Symbol, $"Unhandled event accessor kind {Symbol.ToDisplayString()}"); return; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index 5c3a48c05ae..6e0380da693 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -74,7 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities bool IExpressionParentEntity.IsTopLevelParent => false; /// - /// Gets a string represention of a constant value. + /// Gets a string representation of a constant value. /// /// The value. /// The string representation. diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs index a94f0b54747..4ed4f2b6fb2 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs @@ -23,7 +23,7 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.modifiers(Label, Symbol); } - public static string AccessbilityModifier(Accessibility access) + public static string AccessibilityModifier(Accessibility access) { switch (access) { @@ -48,7 +48,7 @@ namespace Semmle.Extraction.CSharp.Entities case Accessibility.Public: case Accessibility.Protected: case Accessibility.Internal: - HasModifier(cx, trapFile, type, Modifier.AccessbilityModifier(access)); + HasModifier(cx, trapFile, type, Modifier.AccessibilityModifier(access)); break; case Accessibility.NotApplicable: break; @@ -131,7 +131,7 @@ namespace Semmle.Extraction.CSharp.Entities public static Modifier Create(Context cx, Accessibility access) { - var modifier = AccessbilityModifier(access); + var modifier = AccessibilityModifier(access); return ModifierFactory.Instance.CreateEntity(cx, (typeof(Modifier), modifier), modifier); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs index 26a104286a8..6018b9903c1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs @@ -10,7 +10,7 @@ namespace Semmle.Extraction.CSharp { /// /// An ITypeSymbol with nullability annotations. - /// Although a similar class has been implemented in Rolsyn, + /// Although a similar class has been implemented in Roslyn, /// https://github.com/dotnet/roslyn/blob/090e52e27c38ad8f1ea4d033114c2a107604ddaa/src/Compilers/CSharp/Portable/Symbols/TypeWithAnnotations.cs /// it is an internal struct that has not yet been exposed on the public interface. /// @@ -80,8 +80,8 @@ namespace Semmle.Extraction.CSharp public static IEnumerable GetSourceLevelModifiers(this ISymbol symbol) { var methodModifiers = symbol.GetModifiers(md => md.Modifiers); - var typeModifers = symbol.GetModifiers(cd => cd.Modifiers); - return methodModifiers.Concat(typeModifers).Select(m => m.Text); + var typeModifiers = symbol.GetModifiers(cd => cd.Modifiers); + return methodModifiers.Concat(typeModifiers).Select(m => m.Text); } /// diff --git a/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs b/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs index dcf8dcbc373..f103296107d 100644 --- a/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs +++ b/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs @@ -26,7 +26,7 @@ namespace Semmle.Extraction Label Label { get; set; } /// - /// Writes the unique identifier of this entitiy to a trap file. + /// Writes the unique identifier of this entity to a trap file. /// /// The trapfile to write to. void WriteId(EscapingTextWriter trapFile); diff --git a/csharp/extractor/Semmle.Util/Enumerators.cs b/csharp/extractor/Semmle.Util/Enumerators.cs index 3d77e2522b6..16fad6cfa54 100644 --- a/csharp/extractor/Semmle.Util/Enumerators.cs +++ b/csharp/extractor/Semmle.Util/Enumerators.cs @@ -8,7 +8,7 @@ namespace Semmle.Util /// Create an enumerable with a single element. /// /// - /// The type of the enumerble/element. + /// The type of the enumerable/element. /// The element. /// An enumerable containing a single element. public static IEnumerable Singleton(T t) diff --git a/csharp/extractor/Semmle.Util/FuzzyDictionary.cs b/csharp/extractor/Semmle.Util/FuzzyDictionary.cs index 9f61fa1ffa9..53a84d98a08 100644 --- a/csharp/extractor/Semmle.Util/FuzzyDictionary.cs +++ b/csharp/extractor/Semmle.Util/FuzzyDictionary.cs @@ -17,7 +17,7 @@ namespace Semmle.Util /// The algorithm locates the closest match to a string based on a "distance function". /// /// Whilst many distance functions are possible, a bespoke algorithm is used here, - /// for efficiency and suitablility for the domain. + /// for efficiency and suitability for the domain. /// /// The distance is defined as the Hamming Distance of the numbers in the string. /// Each string is split into the base "form" (stripped of numbers) and a vector of diff --git a/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md b/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md index 7152975b292..e13a60e0f61 100644 --- a/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md +++ b/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md @@ -1,5 +1,5 @@ lgtm,codescanning -* Inferring the lengths of implicitely sized arrays is fixed. Previously, multi +* Inferring the lengths of implicitly sized arrays is fixed. Previously, multi dimensional arrays were always extracted with the same length for each dimension. With the fix, the array sizes `2` and `1` are extracted for `new int[,]{{1},{2}}`. Previously `2` and `2` were extracted. diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 49d355ec453..afbbf19794a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.1 + +No user-facing changes. + ## 1.3.0 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll index 6947fc05bb1..51559093b07 100644 --- a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll +++ b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll @@ -124,7 +124,7 @@ string solorigateSuspiciousLiterals() { "fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA", "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", - "HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", + "HKEY_PERFORMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", "Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans", "Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone", "ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege", diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.1.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.1.md new file mode 100644 index 00000000000..8dd9964197c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.1.md @@ -0,0 +1,3 @@ +## 1.3.1 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index ec16350ed6f..e71b6d081f1 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.0 +lastReleaseVersion: 1.3.1 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 648df77d7ff..96ed3493829 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.3.1-dev +version: 1.3.2-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 49d355ec453..afbbf19794a 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.1 + +No user-facing changes. + ## 1.3.0 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql b/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql index 5e4a47f7ec0..e09d00807e6 100644 --- a/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql +++ b/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql @@ -27,6 +27,5 @@ where xor2.getAnOperand() = v.getAnAccess() ) ) -select l, - "The variable $@ seems to be used as part of a FNV-like hash calculation, that is modified by an additional $@ expression using literal $@.", - v, v.toString(), additional_xor, "xor", l, l.toString() +select l, "This literal is used in an $@ after an FNV-like hash calculation with variable $@.", + additional_xor, "additional xor", v, v.toString() diff --git a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownCommandsAboveThreshold.ql b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownCommandsAboveThreshold.ql index 42fb738f157..cdb8670186c 100644 --- a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownCommandsAboveThreshold.ql +++ b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownCommandsAboveThreshold.ql @@ -34,5 +34,5 @@ where total = countSolorigateCommandInEnum(e) and total > 10 select e, - "The enum $@ may be related to Solorigate. It matches " + total + - " of the values used for commands in the enum.", e, e.getName() + "This enum may be related to Solorigate. It matches " + total + + " of the values used for commands in the enum." diff --git a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownHashesAboveThreshold.ql b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownHashesAboveThreshold.ql index 541f3205c01..5aeb3b8ccc9 100644 --- a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownHashesAboveThreshold.ql +++ b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownHashesAboveThreshold.ql @@ -29,5 +29,5 @@ where isSolorigateHash(l) and total > threshold select l, - "The Hash literal $@ may be related to the Solorigate campaign. Total count = " + total + - " is above the threshold " + threshold + ".", l, l.getValue() + "This Hash literal may be related to the Solorigate campaign. Total count = " + total + + " is above the threshold " + threshold + "." diff --git a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownLiteralsAboveThreshold.ql b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownLiteralsAboveThreshold.ql index a18f0c40916..bae2faa7674 100644 --- a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownLiteralsAboveThreshold.ql +++ b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownLiteralsAboveThreshold.ql @@ -29,5 +29,5 @@ where isSolorigateLiteral(l) and total > threshold select l, - "The literal $@ may be related to the Solorigate campaign. Total count = " + total + - " is above the threshold " + threshold + ".", l, l.getValue() + "This literal may be related to the Solorigate campaign. Total count = " + total + + " is above the threshold " + threshold + "." diff --git a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql index 430329c3a10..6e3834a46c7 100644 --- a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql +++ b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql @@ -28,5 +28,5 @@ where isSolorigateSuspiciousMethodName(m) and total > threshold select m, - "The method $@ may be related to Solorigate. Total count = " + total + " is above the threshold " + - threshold + ".", m, m.getName() + "This method may be related to Solorigate. Total count = " + total + " is above the threshold " + + threshold + "." diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.1.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.1.md new file mode 100644 index 00000000000..8dd9964197c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.1.md @@ -0,0 +1,3 @@ +## 1.3.1 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index ec16350ed6f..e71b6d081f1 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.0 +lastReleaseVersion: 1.3.1 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 940cdf055f8..888b9099b3d 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.3.1-dev +version: 1.3.2-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.expected b/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.expected index a82479c30bd..53407ecb208 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.expected +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.expected @@ -1 +1 @@ -| test.cs:39:16:39:36 | 6605813339339102567 | The variable $@ seems to be used as part of a FNV-like hash calculation, that is modified by an additional $@ expression using literal $@. | test.cs:25:9:25:11 | num | num | test.cs:39:10:39:36 | ... ^ ... | xor | test.cs:39:16:39:36 | 6605813339339102567 | 6605813339339102567 | +| test.cs:39:16:39:36 | 6605813339339102567 | This literal is used in an $@ after a FNV-like hash calculation with variable $@. | test.cs:39:10:39:36 | ... ^ ... | additional xor | test.cs:25:9:25:11 | num | num | diff --git a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py index b4e8d27fcbd..be1b516ce5a 100644 --- a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py +++ b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py @@ -41,3 +41,7 @@ check_build_out("hello, world", s) # to `dotnet run -p:UseSharedCompilation=true -p:UseSharedCompilation=false -- hello world` s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test6-db', 'dotnet run -p:UseSharedCompilation=true -- hello world'], "test7-db") check_build_out("hello, world", s) + +# option passed into `dotnet run` +s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test7-db', 'dotnet build', 'dotnet run --no-build hello world'], "test8-db") +check_build_out("hello, world", s) diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 83b9e7b837c..c303fa86a4a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries. +* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. + ## 0.4.0 ### Deprecated APIs diff --git a/csharp/ql/lib/change-notes/2022-09-23-simpletypesanitizer.md b/csharp/ql/lib/change-notes/2022-09-23-simpletypesanitizer.md deleted file mode 100644 index a4d7e4cde7a..00000000000 --- a/csharp/ql/lib/change-notes/2022-09-23-simpletypesanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2022-08-24-aps-net-core-controllers.md b/csharp/ql/lib/change-notes/released/0.4.1.md similarity index 65% rename from csharp/ql/lib/change-notes/2022-08-24-aps-net-core-controllers.md rename to csharp/ql/lib/change-notes/released/0.4.1.md index b3b5006bc57..f3bdef7797c 100644 --- a/csharp/ql/lib/change-notes/2022-08-24-aps-net-core-controllers.md +++ b/csharp/ql/lib/change-notes/released/0.4.1.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.4.1 + +### Minor Analysis Improvements + +* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries. * ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll index 28de629816d..b7371fafb3e 100644 --- a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll +++ b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll @@ -10,7 +10,9 @@ import csharp private import DataFlow private import semmle.code.csharp.dataflow.TaintTracking2 -predicate maybeANonCryptogrphicHash(Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop) { +predicate maybeANonCryptographicHash( + Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop +) { callable = loop.getEnclosingCallable() and ( maybeUsedInFnvFunction(v, xor, mul, loop) or @@ -75,7 +77,7 @@ private predicate maybeUsedInElfHashFunction(Variable v, Operation xor, Operatio */ predicate isCallableAPotentialNonCryptographicHashFunction(Callable callable, Parameter param) { exists(Variable v, Expr op1, Expr op2, LoopStmt loop | - maybeANonCryptogrphicHash(callable, v, op1, op2, loop) and + maybeANonCryptographicHash(callable, v, op1, op2, loop) and callable.getAParameter() = param and exists(ParameterNode p, ExprNode n | p.getParameter() = param and diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 270ae8a65aa..8b00f8845c2 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.4.1-dev +version: 0.4.2-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/lib/semmle/code/cil/DataFlow.qll b/csharp/ql/lib/semmle/code/cil/DataFlow.qll index 55f8eb89432..9057cccf49b 100644 --- a/csharp/ql/lib/semmle/code/cil/DataFlow.qll +++ b/csharp/ql/lib/semmle/code/cil/DataFlow.qll @@ -20,16 +20,18 @@ class DataFlowNode extends @cil_dataflow_node { * Holds if this node flows to `sink` in one step. * `tt` is the tainting that occurs during this step. */ - predicate getALocalFlowSucc(DataFlowNode sink, TaintType tt) { + deprecated predicate getALocalFlowSucc(DataFlowNode sink, TaintType tt) { localExactStep(this, sink) and tt = TExactValue() or localTaintStep(this, sink) and tt = TTaintedValue() } - private predicate flowsToStep(DataFlowNode sink) { this.getALocalFlowSucc(sink, TExactValue()) } + deprecated private predicate flowsToStep(DataFlowNode sink) { + this.getALocalFlowSucc(sink, TExactValue()) + } /** Holds if this node flows to `sink` in zero or more steps. */ - predicate flowsTo(DataFlowNode sink) { this.flowsToStep*(sink) } + deprecated predicate flowsTo(DataFlowNode sink) { this.flowsToStep*(sink) } /** Gets the method that contains this dataflow node. */ Method getMethod() { none() } @@ -38,12 +40,12 @@ class DataFlowNode extends @cil_dataflow_node { Location getLocation() { none() } } -private newtype TTaintType = +deprecated private newtype TTaintType = TExactValue() or TTaintedValue() /** Describes how data is tainted. */ -class TaintType extends TTaintType { +deprecated class TaintType extends TTaintType { string toString() { this = TExactValue() and result = "exact" or @@ -52,12 +54,12 @@ class TaintType extends TTaintType { } /** A taint type where the data is untainted. */ -class Untainted extends TaintType, TExactValue { } +deprecated class Untainted extends TaintType, TExactValue { } /** A taint type where the data is tainted. */ -class Tainted extends TaintType, TTaintedValue { } +deprecated class Tainted extends TaintType, TTaintedValue { } -private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { +deprecated private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { exists(Ssa::Definition def, BasicBlock bb, int i | phi.hasLastInputRef(def, bb, i) | def.definesAt(_, bb, i) and input = def.getVariableUpdate().getSource() @@ -76,7 +78,7 @@ private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { ) } -private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { +deprecated private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { src = sink.(Opcodes::Dup).getAnOperand() or exists(Ssa::Definition def, VariableUpdate vu | @@ -103,7 +105,7 @@ private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { src = sink.(ConditionalBranch).getAnOperand() } -private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) { +deprecated private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) { src = sink.(BinaryArithmeticExpr).getAnOperand() or src = sink.(Opcodes::Neg).getOperand() or src = sink.(UnaryBitwiseOperation).getOperand() diff --git a/csharp/ql/lib/semmle/code/cil/Method.qll b/csharp/ql/lib/semmle/code/cil/Method.qll index f4f65bbaca1..da1c46b5dfd 100644 --- a/csharp/ql/lib/semmle/code/cil/Method.qll +++ b/csharp/ql/lib/semmle/code/cil/Method.qll @@ -270,7 +270,7 @@ class Setter extends Accessor { */ class TrivialSetter extends Method { TrivialSetter() { - exists(MethodImplementation impl | impl = this.getImplementation() | + exists(MethodImplementation impl | impl = this.getAnImplementation() | impl.getInstruction(0) instanceof ThisAccess and impl.getInstruction(1).(ParameterReadAccess).getTarget().getIndex() = 1 and impl.getInstruction(2) instanceof FieldWriteAccess diff --git a/csharp/ql/lib/semmle/code/cil/Ssa.qll b/csharp/ql/lib/semmle/code/cil/Ssa.qll index 50338d3284d..ec419c1773a 100644 --- a/csharp/ql/lib/semmle/code/cil/Ssa.qll +++ b/csharp/ql/lib/semmle/code/cil/Ssa.qll @@ -24,10 +24,10 @@ module Ssa { } /** Gets a first read of this SSA definition. */ - final ReadAccess getAFirstRead() { result = SsaImpl::getAFirstRead(this) } + deprecated final ReadAccess getAFirstRead() { result = SsaImpl::getAFirstRead(this) } /** Holds if `first` and `second` are adjacent reads of this SSA definition. */ - final predicate hasAdjacentReads(ReadAccess first, ReadAccess second) { + deprecated final predicate hasAdjacentReads(ReadAccess first, ReadAccess second) { SsaImpl::hasAdjacentReads(this, first, second) } @@ -58,8 +58,9 @@ module Ssa { * index `i` in basic block `bb` can reach this phi node without going through * other references. */ - final predicate hasLastInputRef(Definition def, BasicBlock bb, int i) { - SsaImpl::hasLastInputRef(this, def, bb, i) + deprecated final predicate hasLastInputRef(Definition def, BasicBlock bb, int i) { + SsaImpl::lastRefRedef(def, bb, i, this) and + def = SsaImpl::getAPhiInput(this) } } } diff --git a/csharp/ql/lib/semmle/code/cil/Stubs.qll b/csharp/ql/lib/semmle/code/cil/Stubs.qll index 692b7750f1f..afe95d3ae77 100644 --- a/csharp/ql/lib/semmle/code/cil/Stubs.qll +++ b/csharp/ql/lib/semmle/code/cil/Stubs.qll @@ -29,14 +29,17 @@ private module Cached { cached predicate bestImplementation(MethodImplementation mi) { - not assemblyIsStubImpl(mi.getLocation()) and - not exists(MethodImplementation better | mi.getMethod() = better.getMethod() | - mi.getNumberOfInstructions() < better.getNumberOfInstructions() - or - mi.getNumberOfInstructions() = better.getNumberOfInstructions() and - mi.getLocation().getFile().toString() > better.getLocation().getFile().toString() - ) and - exists(mi.getAnInstruction()) + exists(Assembly asm | + asm = mi.getLocation() and + (assemblyIsStubImpl(asm) implies asm.getFile().extractedQlTest()) and + not exists(MethodImplementation better | mi.getMethod() = better.getMethod() | + mi.getNumberOfInstructions() < better.getNumberOfInstructions() + or + mi.getNumberOfInstructions() = better.getNumberOfInstructions() and + asm.getFile().toString() > better.getLocation().getFile().toString() + ) and + exists(mi.getAnInstruction()) + ) } } diff --git a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll index 9ca724cb08d..683ee6268aa 100644 --- a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll +++ b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll @@ -68,9 +68,8 @@ private module Cached { Definition getAPhiInput(PhiNode phi) { phiHasInputFromBlock(phi, result, _) } cached - predicate hasLastInputRef(Definition phi, Definition def, BasicBlock bb, int i) { - lastRefRedef(def, bb, i, phi) and - def = getAPhiInput(phi) + predicate lastRefBeforeRedef(Definition def, BasicBlock bb, int i, Definition next) { + lastRefRedef(def, bb, i, next) } } diff --git a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll index 8afdbd0d4a3..57221e47aa9 100644 --- a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll +++ b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll @@ -191,7 +191,7 @@ private module Annotations { NoNullability() { not nullability_parent(_, _, nullability) } } - /** A type with annotated nullablity, `?`. */ + /** A type with annotated nullability, `?`. */ class AnnotatedNullability extends Nullability { AnnotatedNullability() { nullability instanceof @annotated } diff --git a/csharp/ql/lib/semmle/code/csharp/Assignable.qll b/csharp/ql/lib/semmle/code/csharp/Assignable.qll index ede365ccf75..975f69edaa9 100644 --- a/csharp/ql/lib/semmle/code/csharp/Assignable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Assignable.qll @@ -111,6 +111,7 @@ class AssignableRead extends AssignableAccess { * - The reads of `i` on lines 7 and 8 are next to the read on line 6. * - The read of `this.Field` on line 11 is next to the read on line 10. */ + pragma[nomagic] AssignableRead getANextRead() { forex(ControlFlow::Node cfn | cfn = result.getAControlFlowNode() | cfn = this.getAnAdjacentReadSameVar() @@ -124,7 +125,7 @@ class AssignableRead extends AssignableAccess { * * This is the transitive closure of `getANextRead()`. */ - AssignableRead getAReachableRead() { result = this.getANextRead+() } + deprecated AssignableRead getAReachableRead() { result = this.getANextRead+() } } /** @@ -479,6 +480,7 @@ class AssignableDefinition extends TAssignableDefinition { * Subsequent reads can be found by following the steps defined by * `AssignableRead.getANextRead()`. */ + pragma[nomagic] AssignableRead getAFirstRead() { forex(ControlFlow::Node cfn | cfn = result.getAControlFlowNode() | exists(Ssa::ExplicitDefinition def | result = def.getAFirstReadAtNode(cfn) | @@ -494,7 +496,7 @@ class AssignableDefinition extends TAssignableDefinition { * * This is the equivalent with `getAFirstRead().getANextRead*()`. */ - AssignableRead getAReachableRead() { result = this.getAFirstRead().getANextRead*() } + deprecated AssignableRead getAReachableRead() { result = this.getAFirstRead().getANextRead*() } /** Gets a textual representation of this assignable definition. */ string toString() { none() } diff --git a/csharp/ql/lib/semmle/code/csharp/Conversion.qll b/csharp/ql/lib/semmle/code/csharp/Conversion.qll index d62055b6a17..81282769acf 100644 --- a/csharp/ql/lib/semmle/code/csharp/Conversion.qll +++ b/csharp/ql/lib/semmle/code/csharp/Conversion.qll @@ -517,7 +517,7 @@ predicate convNullableType(ValueOrRefType fromType, NullableType toType) { /** * Holds if `fromType` is `NullType`, and `toType` is a type that can represent * the `null` value, such as a reference type, `Nullable` or a type parameter - * with contraints that restrict it to a reference type. + * with constraints that restrict it to a reference type. */ // This is a deliberate, small Cartesian product, so we have manually lifted it to force the // evaluator to evaluate it in its entirety, rather than trying to optimize it in context. diff --git a/csharp/ql/lib/semmle/code/csharp/Location.qll b/csharp/ql/lib/semmle/code/csharp/Location.qll index 22d87f42424..8b4fabb44e7 100644 --- a/csharp/ql/lib/semmle/code/csharp/Location.qll +++ b/csharp/ql/lib/semmle/code/csharp/Location.qll @@ -125,7 +125,7 @@ class Version extends string { /** * Gets the minor version, for example `3` in `1.2.3.4`. - * If the minor version is unspecifed, then the result is `0`. + * If the minor version is unspecified, then the result is `0`. */ bindingset[this] int getMinor() { result = this.getField(3) } diff --git a/csharp/ql/lib/semmle/code/csharp/Property.qll b/csharp/ql/lib/semmle/code/csharp/Property.qll index 1bd65425845..94aecf65637 100644 --- a/csharp/ql/lib/semmle/code/csharp/Property.qll +++ b/csharp/ql/lib/semmle/code/csharp/Property.qll @@ -136,7 +136,7 @@ class Property extends DotNet::Property, DeclarationWithGetSetAccessors, @proper * } * ``` * - * Note that this information is only avaiable for properties in source + * Note that this information is only available for properties in source * code. */ predicate isAutoImplemented() { diff --git a/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll b/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll index 090599a60a7..f3c1c7a3c78 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll @@ -11,15 +11,19 @@ private predicate isDisposeMethod(DotNet::Callable method) { method.getNumberOfParameters() = 0 } -private predicate cilVariableReadFlowsTo(CIL::Variable variable, CIL::DataFlowNode n) { - n = variable.getARead() +private predicate cilVariableReadFlowsToNode(CIL::Variable variable, DataFlow::Node n) { + n.asExpr() = variable.getARead() or - exists(CIL::DataFlowNode mid | - cilVariableReadFlowsTo(variable, mid) and - mid.getALocalFlowSucc(n, any(CIL::Untainted u)) + exists(DataFlow::Node mid | + cilVariableReadFlowsToNode(variable, mid) and + DataFlow::localFlowStep(mid, n) ) } +private predicate cilVariableReadFlowsTo(CIL::Variable variable, CIL::DataFlowNode n) { + cilVariableReadFlowsToNode(variable, DataFlow::exprNode(n)) +} + private predicate disposedCilVariable(CIL::Variable variable) { // `variable` is the `this` parameter on a dispose method. isDisposeMethod(variable.(CIL::ThisParameter).getMethod()) diff --git a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll index 38d559d8ffd..7da80a79ffd 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll @@ -44,7 +44,7 @@ class GeneratedNamespaceFile extends GeneratedCodeFile { } } -/** A file contining comments suggesting it contains generated code. */ +/** A file continuing comments suggesting it contains generated code. */ class GeneratedCommentFile extends GeneratedCodeFile { GeneratedCommentFile() { this = any(GeneratedCodeComment c).getLocation().getFile() } } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll index 2f104dae88c..5b210a4004d 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll @@ -1470,7 +1470,7 @@ module Internal { ) } - private predicate firstReadSameVarUniquePredecesssor( + private predicate firstReadSameVarUniquePredecessor( PreSsa::Definition def, AssignableRead read ) { read = def.getAFirstRead() and @@ -1603,7 +1603,7 @@ module Internal { g1 = def.getARead() and isGuard(g1, v1) and v2 = v1 and - if v1.isReferentialProperty() then firstReadSameVarUniquePredecesssor(def, g1) else any() + if v1.isReferentialProperty() then firstReadSameVarUniquePredecessor(def, g1) else any() ) or exists(PreSsa::Definition def, AbstractValue v | @@ -1684,7 +1684,7 @@ module Internal { mid = e.(Cast).getExpr() ) or - exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecesssor(def, e)) + exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecessor(def, e)) or exists(MethodCall mc | mc.getTarget().getAnUltimateImplementee().getUnboundDeclaration() = @@ -1708,7 +1708,7 @@ module Internal { ) or exists(PreSsa::Definition def | nonEmptyDef(def) | - firstReadSameVarUniquePredecesssor(def, e) + firstReadSameVarUniquePredecessor(def, e) ) or exists(MethodCall mc | diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll index 7d0dd10c084..dbd90ba0ae1 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll @@ -885,7 +885,7 @@ module TestOutput { /** * Gets a string used to resolve ties in node and edge ordering. */ - string getOrderDisambuigation() { result = "" } + string getOrderDisambiguation() { result = "" } } query predicate nodes(RelevantNode n, string attr, string val) { @@ -900,7 +900,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(), - p.getOrderDisambuigation() + p.getOrderDisambiguation() ) ).toString() } @@ -923,7 +923,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(), - s.getOrderDisambuigation() + s.getOrderDisambiguation() ) ).toString() } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll index de44808b18e..095c4e69498 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll @@ -3,7 +3,7 @@ * * Provides a basic block implementation on control flow elements. That is, * a "pre-CFG" where the nodes are (unsplit) control flow elements and the - * successor releation is `succ = succ(pred, _)`. + * successor relation is `succ = succ(pred, _)`. * * The logic is duplicated from the implementation in `BasicBlocks.qll`, and * being an internal class, all predicate documentation has been removed. diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll index 02fb893cb7f..f7c84dbac5f 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll @@ -911,7 +911,7 @@ module BooleanSplitting { * ``` * * the branch taken in the condition on line 2 can be recorded, and the - * recorded value will detmine the branch taken in the condition on line 4. + * recorded value will determine the branch taken in the condition on line 4. */ abstract predicate correlatesConditions(ConditionBlock cb1, ConditionBlock cb2, boolean inverted); diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll index 154ab9423b9..d6ea2161bbb 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll @@ -126,7 +126,7 @@ module SuccessorTypes { * } * ``` * - * has a control flow graph containing macthing successors: + * has a control flow graph containing matching successors: * * ``` * switch @@ -230,7 +230,7 @@ module SuccessorTypes { * } * ``` * - * The node `return x;` is a `break` succedssor of the node `break;`. + * The node `return x;` is a `break` successor of the node `break;`. */ class BreakSuccessor extends SuccessorType, TBreakSuccessor { override string toString() { result = "break" } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll index 08a9a8a5421..8695563f160 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll @@ -97,7 +97,7 @@ module SummaryComponentStack { result = push(SummaryComponent::element(), container) } - /** Gets a stack representing a propery `p` of `object`. */ + /** Gets a stack representing a property `p` of `object`. */ SummaryComponentStack propertyOf(Property p, SummaryComponentStack object) { result = push(SummaryComponent::property(p), object) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index 5d455e6b387..dbea34f039b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -17,6 +17,7 @@ private import semmle.code.csharp.frameworks.EntityFramework private import semmle.code.csharp.frameworks.NHibernate private import semmle.code.csharp.frameworks.system.Collections private import semmle.code.csharp.frameworks.system.threading.Tasks +private import semmle.code.cil.Ssa::Ssa as CilSsa /** Gets the callable in which this node occurs. */ DataFlowCallable nodeGetEnclosingCallable(NodeImpl n) { result = n.getEnclosingCallableImpl() } @@ -177,6 +178,12 @@ predicate hasNodePath(ControlFlowReachabilityConfiguration conf, ExprNode n1, No ) } +/** Gets the CIL data-flow node for `node`, if any. */ +CIL::DataFlowNode asCilDataFlowNode(Node node) { + result = node.asParameter() or + result = node.asExpr() +} + /** Provides predicates related to local data flow. */ module LocalFlow { private class LocalExprStepConfiguration extends ControlFlowReachabilityConfiguration { @@ -281,15 +288,6 @@ module LocalFlow { } } - private CIL::DataFlowNode asCilDataFlowNode(Node node) { - result = node.asParameter() or - result = node.asExpr() - } - - private predicate localFlowStepCil(Node nodeFrom, Node nodeTo) { - asCilDataFlowNode(nodeFrom).getALocalFlowSucc(asCilDataFlowNode(nodeTo), any(CIL::Untainted t)) - } - /** * An uncertain SSA definition. Either an uncertain explicit definition or an * uncertain qualifier definition. @@ -341,7 +339,7 @@ module LocalFlow { /** * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving - * SSA definition `def. + * SSA definition `def`. */ predicate localSsaFlowStep(Ssa::Definition def, Node nodeFrom, Node nodeTo) { // Flow from SSA definition/parameter to first read @@ -386,6 +384,76 @@ module LocalFlow { ) } + private module CilFlow { + private import semmle.code.cil.internal.SsaImpl as CilSsaImpl + + /** + * Holds if `nodeFrom` is a last node referencing SSA definition `def`, which + * can reach `next`. + */ + private predicate localFlowCilSsaInput( + Node nodeFrom, CilSsa::Definition def, CilSsa::Definition next + ) { + exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedef(def, bb, i, next) | + def.definesAt(_, bb, i) and + def = nodeFrom.(CilSsaDefinitionNode).getDefinition() + or + nodeFrom = TCilExprNode(bb.getNode(i).(CIL::ReadAccess)) + ) + } + + /** + * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving + * CIL SSA definition `def`. + */ + private predicate localCilSsaFlowStep(CilSsa::Definition def, Node nodeFrom, Node nodeTo) { + // Flow into SSA definition + exists(CIL::VariableUpdate vu | + vu = def.getVariableUpdate() and + vu.getSource() = asCilDataFlowNode(nodeFrom) and + def = nodeTo.(CilSsaDefinitionNode).getDefinition() + ) + or + // Flow from SSA definition to first read + def = nodeFrom.(CilSsaDefinitionNode).getDefinition() and + nodeTo = TCilExprNode(CilSsaImpl::getAFirstRead(def)) + or + // Flow from read to next read + exists(CIL::ReadAccess readFrom, CIL::ReadAccess readTo | + CilSsaImpl::hasAdjacentReads(def, readFrom, readTo) and + nodeTo = TCilExprNode(readTo) and + nodeFrom = TCilExprNode(readFrom) + ) + or + // Flow into phi node + exists(CilSsa::PhiNode phi | + localFlowCilSsaInput(nodeFrom, def, phi) and + phi = nodeTo.(CilSsaDefinitionNode).getDefinition() and + def = CilSsaImpl::getAPhiInput(phi) + ) + } + + private predicate localExactStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) { + src = sink.(CIL::Opcodes::Dup).getAnOperand() + or + src = sink.(CIL::Conversion).getExpr() + or + src = sink.(CIL::WriteAccess).getExpr() + or + src = sink.(CIL::Method).getAnImplementation().getAnInstruction().(CIL::Return) + or + src = sink.(CIL::Return).getExpr() + or + src = sink.(CIL::ConditionalBranch).getAnOperand() + } + + predicate localFlowStepCil(Node nodeFrom, Node nodeTo) { + localExactStep(asCilDataFlowNode(nodeFrom), asCilDataFlowNode(nodeTo)) + or + localCilSsaFlowStep(_, nodeFrom, nodeTo) + } + } + predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) { exists(Ssa::Definition def | localSsaFlowStep(def, nodeFrom, nodeTo) and @@ -398,7 +466,7 @@ module LocalFlow { or ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) or - localFlowStepCil(nodeFrom, nodeTo) + CilFlow::localFlowStepCil(nodeFrom, nodeTo) } /** @@ -634,7 +702,7 @@ private predicate arrayStore(Expr e, Expr src, Expr a, boolean postUpdate) { e = a and postUpdate = false or - // Member initalizer, `new C { Array = { [i] = src } }` + // Member initializer, `new C { Array = { [i] = src } }` exists(MemberInitializer mi | mi = a.(ObjectInitializer).getAMemberInitializer() and mi.getLValue() instanceof ArrayAccess and @@ -719,6 +787,7 @@ private module Cached { cfn.getElement() instanceof Expr } or TCilExprNode(CIL::Expr e) { e.getImplementation() instanceof CIL::BestImplementation } or + TCilSsaDefinitionNode(CilSsa::Definition def) or TSsaDefinitionNode(Ssa::Definition def) { // Handled by `TExplicitParameterNode` below not def.(Ssa::ExplicitDefinition).getADefinition() instanceof @@ -867,6 +936,28 @@ predicate nodeIsHidden(Node n) { n.asExpr() = any(WithExpr we).getInitializer() } +/** A CIL SSA definition, viewed as a node in a data flow graph. */ +class CilSsaDefinitionNode extends NodeImpl, TCilSsaDefinitionNode { + CilSsa::Definition def; + + CilSsaDefinitionNode() { this = TCilSsaDefinitionNode(def) } + + /** Gets the underlying SSA definition. */ + CilSsa::Definition getDefinition() { result = def } + + override DataFlowCallable getEnclosingCallableImpl() { + result.asCallable() = def.getBasicBlock().getFirstNode().getImplementation().getMethod() + } + + override CIL::Type getTypeImpl() { result = def.getSourceVariable().getType() } + + override ControlFlow::Node getControlFlowNodeImpl() { none() } + + override Location getLocationImpl() { result = def.getBasicBlock().getLocation() } + + override string toStringImpl() { result = def.toString() } +} + /** An SSA definition, viewed as a node in a data flow graph. */ class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode { Ssa::Definition def; @@ -1581,6 +1672,8 @@ predicate jumpStep(Node pred, Node succ) { jrk.getTarget() = call.getATarget(_) and succ = getAnOutNode(call, jrk.getTargetReturnKind()) ) + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ) } private class StoreStepConfiguration extends ControlFlowReachabilityConfiguration { @@ -1945,8 +2038,8 @@ private module PostUpdateNodes { ExprPostUpdateNode() { this = TExprPostUpdateNode(cfn) } override ExprNode getPreUpdateNode() { - // For compund arguments, such as `m(b ? x : y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compund argument, + // For compound arguments, such as `m(b ? x : y)`, we want the leaf nodes + // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, // respectively. // diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index a70bffabfdb..f6520147e19 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -161,7 +161,7 @@ predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) } * local (intra-procedural) steps. */ pragma[inline] -predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } +predicate localExprFlow(DotNet::Expr e1, DotNet::Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } /** * A data flow node that jumps between callables. This can be extended in diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index d857cdaa359..275569b4c02 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -750,6 +787,27 @@ module Private { ) } + /** + * Holds if `p` can reach `n` in a summarized callable, using only value-preserving + * local steps. `clearsOrExpects` records whether any node on the path from `p` to + * `n` either clears or expects contents. + */ + private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExpects) { + viableParam(_, _, _, p) and + n = p and + clearsOrExpects = false + or + exists(Node mid, boolean clearsOrExpectsMid | + paramReachesLocal(p, mid, clearsOrExpectsMid) and + summaryLocalStep(mid, n, true) and + if + summaryClearsContent(n, _) or + summaryExpectsContent(n, _) + then clearsOrExpects = true + else clearsOrExpects = clearsOrExpectsMid + ) + } + /** * Holds if use-use flow starting from `arg` should be prohibited. * @@ -759,15 +817,11 @@ module Private { */ pragma[nomagic] predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) { - exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret | + exists(ParamNode p, ParameterPosition ppos, Node ret | + paramReachesLocal(p, ret, true) and p = summaryArgParam0(_, arg, sc) and p.isParameterOf(_, pragma[only_bind_into](ppos)) and - summaryLocalStep(p, mid, true) and - summaryLocalStep(mid, ret, true) and isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos)) - | - summaryClearsContent(mid, _) or - summaryExpectsContent(mid, _) ) } @@ -854,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -877,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll index 864fda40cf7..93cd70f63c2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll @@ -91,6 +91,12 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { ) } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { + exists(sg) and + result = Gvn::getGlobalValueNumber(any(ObjectType t)) +} + bindingset[provenance] private boolean isGenerated(string provenance) { provenance = "generated" and result = true diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll index 0655ffee6f9..9ff6888d6e4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll @@ -803,14 +803,14 @@ private module CapturedVariableImpl { * Holds if `c` is a relevant part of the call graph for * `updatesCapturedVariable` based on following edges in forward direction. */ - private predicate reachbleFromSource(Callable c) { + private predicate reachableFromSource(Callable c) { source(_, _, _, c, _) or - exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c)) + exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c)) } private predicate sink(Callable c, CapturedWrittenLocalScopeVariable captured) { - reachbleFromSource(c) and + reachableFromSource(c) and relevantDefinition(c, captured, _) } @@ -932,14 +932,14 @@ private module CapturedVariableLivenessImpl { * Holds if `c` is a relevant part of the call graph for * `readsCapturedVariable` based on following edges in forward direction. */ - private predicate reachbleFromSource(Callable c) { + private predicate reachableFromSource(Callable c) { source(_, _, _, c, _) or - exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c)) + exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c)) } private predicate sink(Callable c, CapturedReadLocalScopeVariable captured) { - reachbleFromSource(c) and + reachableFromSource(c) and capturerReads(c, captured) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll index 77a21025840..6d5443d480b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll @@ -53,12 +53,12 @@ module Steps { private predicate flowIn(Parameter p, Expr pred, AssignableRead succ) { exists(AssignableDefinitions::ImplicitParameterDefinition def, Call c | succ = getARead(def) | - pred = getArgumentForOverridderParameter(c, p) and + pred = getArgumentForOverriderParameter(c, p) and p.getUnboundDeclaration() = def.getParameter() ) } - private Expr getArgumentForOverridderParameter(Call call, Parameter p) { + private Expr getArgumentForOverriderParameter(Call call, Parameter p) { exists(Parameter base, Callable callable | result = call.getArgumentForParameter(base) | base = callable.getAParameter() and isOverriderParameter(callable, p, base.getPosition()) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index ec29d704248..4f823907f94 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -26,13 +26,14 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } bindingset[node] predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() } -private CIL::DataFlowNode asCilDataFlowNode(DataFlow::Node node) { - result = node.asParameter() or - result = node.asExpr() +private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) { + src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or + src = sink.(CIL::Opcodes::Neg).getOperand() or + src = sink.(CIL::UnaryBitwiseOperation).getOperand() } private predicate localTaintStepCil(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - asCilDataFlowNode(nodeFrom).getALocalFlowSucc(asCilDataFlowNode(nodeTo), any(CIL::Tainted t)) + localCilTaintStep(asCilDataFlowNode(nodeFrom), asCilDataFlowNode(nodeTo)) } private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityConfiguration { diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll index 9d7cf3a5867..3e3c8ca79e8 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll @@ -174,7 +174,9 @@ class VariableAccess extends AssignableAccess, @variable_access_expr { class VariableRead extends VariableAccess, AssignableRead { override VariableRead getANextRead() { result = AssignableRead.super.getANextRead() } - override VariableRead getAReachableRead() { result = AssignableRead.super.getAReachableRead() } + deprecated override VariableRead getAReachableRead() { + result = AssignableRead.super.getAReachableRead() + } } /** @@ -200,7 +202,7 @@ class LocalScopeVariableAccess extends VariableAccess, @local_scope_variable_acc class LocalScopeVariableRead extends LocalScopeVariableAccess, VariableRead { override LocalScopeVariableRead getANextRead() { result = VariableRead.super.getANextRead() } - override LocalScopeVariableRead getAReachableRead() { + deprecated override LocalScopeVariableRead getAReachableRead() { result = VariableRead.super.getAReachableRead() } } @@ -242,7 +244,7 @@ class ParameterAccess extends LocalScopeVariableAccess, @parameter_access_expr { class ParameterRead extends ParameterAccess, LocalScopeVariableRead { override ParameterRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() } - override ParameterRead getAReachableRead() { + deprecated override ParameterRead getAReachableRead() { result = LocalScopeVariableRead.super.getAReachableRead() } } @@ -297,7 +299,7 @@ class LocalVariableAccess extends LocalScopeVariableAccess, @local_variable_acce class LocalVariableRead extends LocalVariableAccess, LocalScopeVariableRead { override LocalVariableRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() } - override LocalVariableRead getAReachableRead() { + deprecated override LocalVariableRead getAReachableRead() { result = LocalScopeVariableRead.super.getAReachableRead() } } @@ -442,7 +444,9 @@ class PropertyAccess extends AssignableMemberAccess, PropertyAccessExpr { class PropertyRead extends PropertyAccess, AssignableRead { override PropertyRead getANextRead() { result = AssignableRead.super.getANextRead() } - override PropertyRead getAReachableRead() { result = AssignableRead.super.getAReachableRead() } + deprecated override PropertyRead getAReachableRead() { + result = AssignableRead.super.getAReachableRead() + } } /** @@ -581,7 +585,9 @@ class IndexerAccess extends AssignableMemberAccess, ElementAccess, IndexerAccess class IndexerRead extends IndexerAccess, ElementRead { override IndexerRead getANextRead() { result = ElementRead.super.getANextRead() } - override IndexerRead getAReachableRead() { result = ElementRead.super.getAReachableRead() } + deprecated override IndexerRead getAReachableRead() { + result = ElementRead.super.getAReachableRead() + } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll index 0ae16bb5065..a23da710465 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll @@ -74,7 +74,7 @@ class BitwiseOrExpr extends BinaryBitwiseOperation, @bit_or_expr { } /** - * A bitwise exlusive-or operation, for example `x ^ y`. + * A bitwise exclusive-or operation, for example `x ^ y`. */ class BitwiseXorExpr extends BinaryBitwiseOperation, @bit_xor_expr { override string getOperator() { result = "^" } diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll index 1aa67410c59..edd7aa3932d 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll @@ -417,7 +417,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr { } /** - * Holds if this initialier is a `this` initializer, for example `this(0)` + * Holds if this initializer is a `this` initializer, for example `this(0)` * in * * ```csharp @@ -431,7 +431,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr { predicate isThis() { this.getTargetType() = this.getConstructorType() } /** - * Holds if this initialier is a `base` initializer, for example `base(0)` + * Holds if this initializer is a `base` initializer, for example `base(0)` * in * * ```csharp diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll index b999dfbc0e7..2f090d3fd06 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll @@ -389,7 +389,7 @@ class ArrayCreation extends Expr, @array_creation_expr { /** Holds if this array creation has an initializer. */ predicate hasInitializer() { exists(this.getInitializer()) } - /** Gets the array initializer of this array cration, if any. */ + /** Gets the array initializer of this array creation, if any. */ ArrayInitializer getInitializer() { result = this.getChild(-1) } /** Holds if the type of the created array is inferred from its initializer. */ diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll index 87fbcb8c3a9..03a24b37345 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll @@ -192,7 +192,7 @@ class Operation extends Expr, @op_expr { } /** - * A unary operation. Either a unary arithemtic operation + * A unary operation. Either a unary arithmetic operation * (`UnaryArithmeticOperation`), a unary bitwise operation * (`UnaryBitwiseOperation`), a `sizeof` operation (`SizeofExpr`), a pointer * indirection operation (`PointerIndirectionExpr`), an address-of operation @@ -206,7 +206,7 @@ class UnaryOperation extends Operation, @un_op { } /** - * A binary operation. Either a binary arithemtic operation + * A binary operation. Either a binary arithmetic operation * (`BinaryArithmeticOperation`), a binary bitwise operation * (`BinaryBitwiseOperation`), a comparison operation (`ComparisonOperation`), * or a binary logical operation (`BinaryLogicalOperation`). @@ -776,7 +776,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr { * struct A { * public void M() { } * - * unsafe int DirectDerefence() { + * unsafe int DirectDereference() { * int n = 10; * int *pn = &n; * return *pn; @@ -788,7 +788,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr { * pa->M(); * } * - * unsafe void ArrayDerefence() { + * unsafe void ArrayDereference() { * char* cp = stackalloc char[10]; * cp[1] = 'a'; * } @@ -813,7 +813,7 @@ class PointerIndirectionExpr extends UnaryOperation, @pointer_indirection_expr { * * ```csharp * class A { - * unsafe int DirectDerefence() { + * unsafe int DirectDereference() { * int n = 10; * int *pn = &n; * return *pn; diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll index 54fa60e03f2..373194ef366 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll @@ -71,6 +71,20 @@ class FormatMethod extends Method { } } +pragma[nomagic] +private predicate parameterReadPostDominatesEntry(ParameterRead pr) { + pr.getAControlFlowNode().postDominates(pr.getEnclosingCallable().getEntryPoint()) and + getParameterType(pr.getTarget()) instanceof ObjectType +} + +pragma[nomagic] +private predicate alwaysPassedToFormatItemParameter(ParameterRead pr) { + pr = any(StringFormatItemParameter other).getAnAssignedArgument() and + parameterReadPostDominatesEntry(pr) + or + alwaysPassedToFormatItemParameter(pr.getANextRead()) +} + /** * A parameter that is used as a format item for `string.Format()`. Either a * format item parameter of `string.Format()`, or a parameter of a method that @@ -85,15 +99,9 @@ class StringFormatItemParameter extends Parameter { ) or // Parameter of a source method that forwards to `string.Format()` - exists( - AssignableDefinitions::ImplicitParameterDefinition def, ParameterRead pr, - StringFormatItemParameter other - | + exists(AssignableDefinitions::ImplicitParameterDefinition def | def.getParameter() = this and - pr = def.getAReachableRead() and - pr.getAControlFlowNode().postDominates(this.getCallable().getEntryPoint()) and - other.getAnAssignedArgument() = pr and - getParameterType(this) instanceof ObjectType + alwaysPassedToFormatItemParameter(def.getAFirstRead()) ) } } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 652ec19a86a..297ae087e23 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -1243,7 +1243,7 @@ predicate implementsDispose(ValueOrRefType t) { getInvokedDisposeMethod(t).getDe /** * Gets the dispose method that will be invoked on a value `x` - * of type `t` when `x.Dipsose()` is called. + * of type `t` when `x.Dispose()` is called. * * Either the dispose method is (an override of) `IDisposable.Dispose()`, * or an implementation of a method `Dispose(bool)` which is called diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll index aaed35ef73f..d9624b60dcc 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll @@ -416,7 +416,7 @@ class MicrosoftAspNetCoreBuilderEndpointRouteBuilderExtensions extends Class { /** Gets the `MapDelete` extension method. */ Method getMapDeleteMethod() { result = this.getAMethod("MapDelete") } - /** Get a `Map` like extenion methods. */ + /** Get a `Map` like extension methods. */ Method getAMapMethod() { result = [ diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll index 3a02ded5edd..9cddf3e428b 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll @@ -20,7 +20,7 @@ class SystemSecurityCryptographyClass extends Class { } /** Data flow for `System.Security.Cryptography.AsnEncodedDataCollection`. */ -private class SystemSecurityCryptographyAsnEncondedDataCollectionFlowModelCsv extends SummaryModelCsv { +private class SystemSecurityCryptographyAsnEncodedDataCollectionFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = [ diff --git a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll index e885fdb2778..53fe605b963 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll @@ -130,7 +130,7 @@ module XmlSettings { | not isSafeDtdSetting(dtdVal) and evidence = dtdVal ) and - reason = "DTD procesing enabled in settings" + reason = "DTD processing enabled in settings" or not exists(getAValueForProp(creation, "ProhibitDtd")) and reason = "DTD processing is enabled by default in versions before 4.0" and diff --git a/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql b/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql index 5d08222885e..0539cd27a66 100644 --- a/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql +++ b/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql @@ -23,9 +23,9 @@ where exists(MethodCall callToEquals | callToEquals.getTarget() instanceof EqualsMethod and callToEquals.getQualifier().getType() = c and - message = "but it is called $@" and + message = "but $@" and item = callToEquals and - itemText = "here" + itemText = "'Equals' is called on an instance of this class" ) or item = c.getAnOperator().(EQOperator) and diff --git a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql index abb962449b9..3349ee93251 100644 --- a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql +++ b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql @@ -22,12 +22,22 @@ private class DisposeCall extends MethodCall { DisposeCall() { this.getTarget() instanceof DisposeMethod } } -private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - DataFlow::localFlowStep(nodeFrom, nodeTo) and - not exists(AssignableDefinition def, UsingStmt us | - nodeTo.asExpr() = def.getAReachableRead() and +pragma[nomagic] +private predicate isDisposedAccess(AssignableRead ar) { + exists(AssignableDefinition def, UsingStmt us | + ar = def.getAFirstRead() and def.getTargetAccess() = us.getAVariableDeclExpr().getAccess() ) + or + exists(AssignableRead mid | + isDisposedAccess(mid) and + ar = mid.getANextRead() + ) +} + +private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + DataFlow::localFlowStep(nodeFrom, nodeTo) and + not isDisposedAccess(nodeTo.asExpr()) } private predicate reachesDisposeCall(DisposeCall disposeCall, DataFlow::Node node) { diff --git a/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql b/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql index deb9887b85a..c3b5068bb09 100644 --- a/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql +++ b/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql @@ -106,4 +106,4 @@ predicate mayNotBeDisposed(LocalScopeDisposableCreation disposable) { from LocalScopeDisposableCreation disposable where mayNotBeDisposed(disposable) -select disposable, "Disposable '" + disposable.getType() + "' is created here but is not disposed." +select disposable, "Disposable '" + disposable.getType() + "' is created but not disposed." diff --git a/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp b/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp index bac228017c8..2d0c1849914 100644 --- a/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp +++ b/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp @@ -18,7 +18,7 @@ more difficult to change which implementation you are using at a later date.

    -
  • C# Corner, C# Interface Based Development.
    • +
  • C# Corner, C# Interface Based Development.
    •  diff --git a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs index 9e4673c9e0a..33eb8363b87 100644 --- a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs +++ b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs @@ -5,7 +5,7 @@ class Circle { return Math.Pow(radius, 2) * 3.14; } - public double circumfrence() + public double circumference() { return radius * 2 * 3.14; } diff --git a/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs b/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs index 1d2b9dc7f2e..218d0a1ba11 100644 --- a/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs +++ b/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs @@ -6,7 +6,7 @@ class Circle { return Math.Pow(radius, 2) * 3.14; // BAD: use the "Pi" constant } - public double circumfrence() + public double circumference() { return radius * 2 * 3.14; // BAD: use the "Pi" constant } diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index bf47d9f7f70..8bd7652a52c 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. + ## 0.4.0 ### Minor Analysis Improvements diff --git a/csharp/ql/src/CSI/NullAlways.ql b/csharp/ql/src/CSI/NullAlways.ql index 1c6ecf8997c..e52abdc3cd5 100644 --- a/csharp/ql/src/CSI/NullAlways.ql +++ b/csharp/ql/src/CSI/NullAlways.ql @@ -16,4 +16,4 @@ import semmle.code.csharp.dataflow.Nullness from Dereference d, Ssa::SourceVariable v where d.isFirstAlwaysNull(v) -select d, "Variable $@ is always null here.", v, v.toString() +select d, "Variable $@ is always null at this dereference.", v, v.toString() diff --git a/csharp/ql/src/CSI/NullMaybe.ql b/csharp/ql/src/CSI/NullMaybe.ql index eb20439a821..bb886f19929 100644 --- a/csharp/ql/src/CSI/NullMaybe.ql +++ b/csharp/ql/src/CSI/NullMaybe.ql @@ -19,4 +19,5 @@ import PathGraph from Dereference d, PathNode source, PathNode sink, Ssa::SourceVariable v, string msg, Element reason where d.isFirstMaybeNull(v.getAnSsaDefinition(), source, sink, msg, reason) -select d, source, sink, "Variable $@ may be null here " + msg + ".", v, v.toString(), reason, "this" +select d, source, sink, "Variable $@ may be null at this access " + msg + ".", v, v.toString(), + reason, "this" diff --git a/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql b/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql index f2f216d2f88..9c8bb72708c 100644 --- a/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql +++ b/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql @@ -28,4 +28,4 @@ where readaccess.getEnclosingCallable() = getter and not exists(LockStmt readlock | readlock.getAChildStmt+().getAChildExpr+() = readaccess) ) -select p, "Field '$@' is guarded by a lock in the setter but not in the getter.", f, f.getName() +select p, "Field $@ is guarded by a lock in the setter but not in the getter.", f, f.getName() diff --git a/csharp/ql/src/Dead Code/NonAssignedFields.ql b/csharp/ql/src/Dead Code/NonAssignedFields.ql index 3c76ba0e58f..83aa889b77c 100644 --- a/csharp/ql/src/Dead Code/NonAssignedFields.ql +++ b/csharp/ql/src/Dead Code/NonAssignedFields.ql @@ -111,6 +111,5 @@ where fa.getTarget() = g and g.getUnboundDeclaration() = f ) -select f, - "The field '" + f.getName() + "' is never explicitly assigned a value, yet it is read $@.", fa, - "here" +select f, "The field '" + f.getName() + "' is never explicitly assigned a value, yet $@.", fa, + "the field is read" diff --git a/csharp/ql/src/Dead Code/UnusedField.ql b/csharp/ql/src/Dead Code/UnusedField.ql index 435ec6a370c..12a68f31324 100644 --- a/csharp/ql/src/Dead Code/UnusedField.ql +++ b/csharp/ql/src/Dead Code/UnusedField.ql @@ -19,4 +19,4 @@ where f.fromSource() and isDeadField(f) and not f.getDeclaringType().isPartial() -select f, "Unused field (or field used from dead method only)" +select f, "Unused field (or field used from dead method only)." diff --git a/csharp/ql/src/Dead Code/UnusedMethod.ql b/csharp/ql/src/Dead Code/UnusedMethod.ql index 628803281f4..b2f69bd6651 100644 --- a/csharp/ql/src/Dead Code/UnusedMethod.ql +++ b/csharp/ql/src/Dead Code/UnusedMethod.ql @@ -20,4 +20,4 @@ where m.fromSource() and isDeadMethod(m) and not m.getDeclaringType().isPartial() -select m, "Unused method (or method called from dead method only)" +select m, "Unused method (or method called from dead method only)." diff --git a/csharp/ql/src/Diagnostics/DiagnosticNoExtractionErrors.ql b/csharp/ql/src/Diagnostics/DiagnosticNoExtractionErrors.ql index cb86e293efc..cd387c11b4d 100644 --- a/csharp/ql/src/Diagnostics/DiagnosticNoExtractionErrors.ql +++ b/csharp/ql/src/Diagnostics/DiagnosticNoExtractionErrors.ql @@ -4,6 +4,7 @@ * without encountering an extraction or compiler error in the file. * @kind diagnostic * @id cs/diagnostics/successfully-extracted-files + * @tags successfully-extracted-files */ import csharp diff --git a/csharp/ql/src/Language Abuse/ForeachCapture.ql b/csharp/ql/src/Language Abuse/ForeachCapture.ql index b3597418390..babd79bb407 100644 --- a/csharp/ql/src/Language Abuse/ForeachCapture.ql +++ b/csharp/ql/src/Language Abuse/ForeachCapture.ql @@ -111,5 +111,5 @@ predicate declaredInsideLoop(ForeachStmt loop, LocalVariable v) { from LambdaDataFlowConfiguration c, AnonymousFunctionExpr lambda, Variable loopVar, Element storage where c.capturesLoopVarAndIsStoredIn(lambda, loopVar, storage) -select lambda, "Function which may be stored in $@ captures variable $@", storage, +select lambda, "Function which may be stored in $@ captures variable $@.", storage, storage.toString(), loopVar, loopVar.getName() diff --git a/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql b/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql index e784bb4258d..6a82c40d840 100644 --- a/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql +++ b/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql @@ -35,5 +35,5 @@ where uselessIsBeforeAs(ae, ie) and not exists(MethodCall mc | ae = mc.getAnArgument().getAChildExpr*()) select ae, - "This 'as' expression performs a type test - it should be directly compared against null, rendering the 'is' $@ potentially redundant.", - ie, "here" + "This 'as' expression performs a type test - it should be directly compared against null, rendering the $@ potentially redundant.", + ie, "is" diff --git a/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp b/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp index e1d6f9d5f9f..5e52142c84e 100644 --- a/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp +++ b/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp @@ -5,7 +5,7 @@

    Comparisons which always yield the same result are unnecessary and may indicate a bug in the - logic. This can can happen when the data type of one of the operands has a limited range of values. + logic. This can happen when the data type of one of the operands has a limited range of values. For example unsigned integers are always greater than or equal to zero, and byte values are always less than 256.

    diff --git a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp index a2000deb2d5..c77c656a655 100644 --- a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp +++ b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp @@ -9,7 +9,7 @@

    -

    Use speific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar

    +

    Use specific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar

    Don't store dates in Japanese format

    Don't use hard-coded era start date for date calculations converting dates from Japanese date format

    Use JapaneseCalendar class for date formatting only

    diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp index 1ccdceb7412..325a4531afe 100644 --- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp +++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp @@ -6,7 +6,7 @@     -

    Create new instances of the object that implements or has a field of type System.Security.Cryptography.ICryptoTransform to avoid sharing it accross multiple threads.

    +

    Create new instances of the object that implements or has a field of type System.Security.Cryptography.ICryptoTransform to avoid sharing it across multiple threads.

     diff --git a/csharp/ql/src/Linq/BadMultipleIteration.ql b/csharp/ql/src/Linq/BadMultipleIteration.ql index 3c8b8c1418b..e07de273e63 100644 --- a/csharp/ql/src/Linq/BadMultipleIteration.ql +++ b/csharp/ql/src/Linq/BadMultipleIteration.ql @@ -59,6 +59,5 @@ where va = seq.getAnAccess() and potentiallyConsumingAccess(va) and count(VariableAccess x | x = seq.getAnAccess() and potentiallyConsumingAccess(x)) > 1 -select seq, - "This enumerable sequence may not be repeatable, but is potentially consumed multiple times $@.", - va, "here" +select seq, "This enumerable sequence may not be repeatable, but $@.", va, + "it is potentially consumed multiple times" diff --git a/csharp/ql/src/Linq/MissedCastOpportunity.ql b/csharp/ql/src/Linq/MissedCastOpportunity.ql index 2c61d5cb9f6..24d1c87bd2a 100644 --- a/csharp/ql/src/Linq/MissedCastOpportunity.ql +++ b/csharp/ql/src/Linq/MissedCastOpportunity.ql @@ -16,5 +16,5 @@ import Linq.Helpers from ForeachStmt fes, LocalVariableDeclStmt s where missedCastOpportunity(fes, s) select fes, - "This foreach loop immediately casts its iteration variable to another type $@ - consider casting the sequence explicitly using '.Cast(...)'.", - s, "here" + "This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'.", + s, "casts its iteration variable to another type" diff --git a/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql b/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql index 226cacd98fb..3a984d0cc3e 100644 --- a/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql +++ b/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql @@ -16,5 +16,5 @@ import Linq.Helpers from ForeachStmt fes, LocalVariableDeclStmt s where missedOfTypeOpportunity(fes, s) select fes, - "This foreach loop immediately uses 'as' to coerce its iteration variable to another type $@ - consider using '.OfType(...)' instead.", - s, "here" + "This foreach loop immediately uses 'as' to $@ - consider using '.OfType(...)' instead.", s, + "coerce its iteration variable to another type" diff --git a/csharp/ql/src/Linq/MissedSelectOpportunity.ql b/csharp/ql/src/Linq/MissedSelectOpportunity.ql index a7c3385c2d0..1714aed81da 100644 --- a/csharp/ql/src/Linq/MissedSelectOpportunity.ql +++ b/csharp/ql/src/Linq/MissedSelectOpportunity.ql @@ -25,5 +25,5 @@ where missedSelectOpportunity(fes, s) and not oversized(s) select fes, - "This foreach loop immediately maps its iteration variable to another variable $@ - consider mapping the sequence explicitly using '.Select(...)'.", - s, "here" + "This foreach loop immediately $@ - consider mapping the sequence explicitly using '.Select(...)'.", + s, "maps its iteration variable to another variable" diff --git a/csharp/ql/src/Linq/MissedWhereOpportunity.ql b/csharp/ql/src/Linq/MissedWhereOpportunity.ql index 9a7f0407ccb..4c93b7ab6bf 100644 --- a/csharp/ql/src/Linq/MissedWhereOpportunity.ql +++ b/csharp/ql/src/Linq/MissedWhereOpportunity.ql @@ -17,5 +17,5 @@ where missedWhereOpportunity(fes, is) and not missedAllOpportunity(fes) select fes, - "This foreach loop implicitly filters its target sequence $@ - consider filtering the sequence explicitly using '.Where(...)'.", - is.getCondition(), "here" + "This foreach loop $@ - consider filtering the sequence explicitly using '.Where(...)'.", + is.getCondition(), "implicitly filters its target sequence" diff --git a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql index 3e395e747b5..545484e6294 100644 --- a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql +++ b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql @@ -20,5 +20,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a path.", source.getNode(), - "User-provided value" +select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql index 983189a6c55..20a7be1c5b0 100644 --- a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql @@ -19,5 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a command.", source.getNode(), - "User-provided value" +select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql index 656b8b51786..8fa673f50f3 100644 --- a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql @@ -24,5 +24,5 @@ class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration { from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a command.", source.getNode(), - "Stored user-provided value" +select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), + "stored (potentially user-provided) value" diff --git a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql index 2286b59b0fe..f2dc334539c 100644 --- a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql +++ b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql @@ -29,8 +29,8 @@ from where c.hasFlowPath(source, sink) and if exists(sink.getNode().(Sink).explanation()) - then explanation = ": " + sink.getNode().(Sink).explanation() + "." - else explanation = "." + then explanation = " (" + sink.getNode().(Sink).explanation() + ")" + else explanation = "" select sink.getNode(), source, sink, - "$@ flows to here and is written to HTML or JavaScript" + explanation, source.getNode(), - "Stored user-provided value" + "This HTML or JavaScript write" + explanation + " depends on a $@.", source.getNode(), + "stored (potentially user-provided) value" diff --git a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql index 77c9e1dd34b..3d363d87310 100644 --- a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql +++ b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql @@ -22,5 +22,5 @@ class StoredTaintTrackingConfiguration extends SqlInjection::TaintTrackingConfig from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an SQL query.", - source.getNode(), "Stored user-provided value" +select sink.getNode(), source, sink, "This SQL query depends on a $@.", source.getNode(), + "stored user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql index 09b1e637090..e4298741ca8 100644 --- a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql +++ b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql @@ -25,5 +25,5 @@ string getSourceType(DataFlow::Node node) { from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Query might include code from $@.", source, +select sink.getNode(), source, sink, "This query depends on $@.", source, ("this " + getSourceType(source.getNode())) diff --git a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql index 3f4eae7a10c..f4413eeb17a 100644 --- a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql +++ b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql @@ -17,5 +17,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an LDAP query.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql index 2f6b20bad4e..26a0711037d 100644 --- a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql +++ b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql @@ -22,5 +22,5 @@ class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration { from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an LDAP query.", - source.getNode(), "Stored user-provided value" +select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(), + "stored (potentially user-provided) value" diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql index 02aa158a120..038dc267d14 100644 --- a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql +++ b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql @@ -48,4 +48,5 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink, source, sink, "$@ flows to here and is inserted as XML.", source, "User-provided value" +select sink.getNode(), source, sink, "This XML element depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql index deac49329b7..17e15fee924 100644 --- a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql +++ b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql @@ -19,5 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is compiled as code.", source.getNode(), - "User-provided value" +select sink.getNode(), source, sink, "This code compilation depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql index 9bb38adc895..23f60cb2368 100644 --- a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql +++ b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql @@ -17,5 +17,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a resource descriptor.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "This resource descriptor depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql index 3367771e0bf..7b6d069b211 100644 --- a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql +++ b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql @@ -18,5 +18,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "$@ flows to here and is processed as XML without validation because " + - sink.getNode().(Sink).getReason(), source.getNode(), "User-provided value" + "This XML processing depends on a $@ without validation because " + + sink.getNode().(Sink).getReason(), source.getNode(), "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql index 9c3b9b21bac..3ca894db15a 100644 --- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql @@ -49,5 +49,4 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { from TaintTrackingConfiguration c, DataFlow::Node source, DataFlow::Node sink where c.hasFlow(source, sink) -select sink, "$@ flows to here and is used as the path to dynamically load an assembly.", source, - "User-provided value" +select sink, "This assembly path depends on a $@.", source, "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-117/LogForging.ql b/csharp/ql/src/Security Features/CWE-117/LogForging.ql index 039af51123e..adbee47ed59 100644 --- a/csharp/ql/src/Security Features/CWE-117/LogForging.ql +++ b/csharp/ql/src/Security Features/CWE-117/LogForging.ql @@ -17,5 +17,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(), - "User-provided value" +select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql index f2b0918e1e5..35529f4e234 100644 --- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql +++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql @@ -31,7 +31,13 @@ class FormatStringConfiguration extends TaintTracking::Configuration { } } +string getSourceType(DataFlow::Node node) { + result = node.(RemoteFlowSource).getSourceType() + or + result = node.(LocalFlowSource).getSourceType() +} + from FormatStringConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used as a format string.", - source.getNode(), source.getNode().toString() +select sink.getNode(), source, sink, "This format string depends on $@.", source.getNode(), + ("this" + getSourceType(source.getNode())) diff --git a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql index ed3e5da0b1f..3bcb16b749d 100644 --- a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql +++ b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql @@ -47,6 +47,5 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { from TaintTrackingConfiguration configuration, DataFlow::PathNode source, DataFlow::PathNode sink where configuration.hasFlowPath(source, sink) -select sink.getNode(), source, sink, - "Sensitive information from $@ flows to here, and is transmitted to the user.", source.getNode(), - source.toString() +select sink.getNode(), source, sink, "This data transmitted to the user depends on $@.", + source.getNode(), "sensitive information" diff --git a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql index 7f9c87de5fc..0f374fb6abe 100644 --- a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql +++ b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql @@ -64,6 +64,5 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, - "Exception information from $@ flows to here, and is exposed to the user.", source.getNode(), - source.toString() +select sink.getNode(), source, sink, "This information exposed to the user depends on $@.", + source.getNode(), "exception information" diff --git a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql index f7eacf40fc8..8ecdb0039fc 100644 --- a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql +++ b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql @@ -19,5 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Sensitive data returned by $@ is stored here.", +select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.", source.getNode(), source.toString() diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql index d2e95de43bf..8f30847cde0 100644 --- a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql +++ b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql @@ -38,5 +38,5 @@ class StringLiteralSource extends KeySource { from SymmetricKeyTaintTrackingConfiguration keyFlow, KeySource src, SymmetricEncryptionKeySink sink where keyFlow.hasFlow(src, sink) -select sink, "Hard-coded symmetric $@ is used in symmetric algorithm in " + sink.getDescription(), - src, "key" +select sink, "This hard-coded $@ is used in symmetric algorithm in " + sink.getDescription(), src, + "symmetric key" diff --git a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql index a4f4d63d6ee..4f7e04f1175 100644 --- a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql +++ b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql @@ -41,4 +41,4 @@ class AddCertToRootStoreConfig extends DataFlow::Configuration { from DataFlow::PathNode oc, DataFlow::PathNode mc, AddCertToRootStoreConfig config where config.hasFlowPath(oc, mc) -select mc.getNode(), oc, mc, "Certificate added to the root certificate store." +select mc.getNode(), oc, mc, "This certificate is added to the root certificate store." diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql index 25c8ea6ef89..8f7a49db36d 100644 --- a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql +++ b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql @@ -41,5 +41,6 @@ class TaintTrackingConfiguration extends DataFlow::Configuration { from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and does not specify `Encrypt=True`.", - source.getNode(), "Connection string" +select sink.getNode(), source, sink, + "$@ flows to this SQL connection and does not specify `Encrypt=True`.", source.getNode(), + "Connection string" diff --git a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql index a58e94f4cf3..ffdb7220f01 100644 --- a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql +++ b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql @@ -69,5 +69,5 @@ where loginMethod(loginMethod, fromLoginFlow) and sessionUse(sessionUse.getElement()) and controlStep+(loginCall.getASuccessorByType(fromLoginFlow), sessionUse) -select sessionUse, "This session has not been invalidated following the call to '$@'.", loginCall, +select sessionUse, "This session has not been invalidated following the call to $@.", loginCall, loginMethod.getName() diff --git a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql index 568da9188d5..9bd90a5b212 100644 --- a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql +++ b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql @@ -19,5 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "$@ flows to here and is loaded insecurely as XML (" + sink.getNode().(Sink).getReason() + ").", - source.getNode(), "User-provided value" + "This insecure XML processing depends on a $@ (" + sink.getNode().(Sink).getReason() + ").", + source.getNode(), "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql b/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql index 651ffa15f4f..46fd76a2453 100644 --- a/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql @@ -22,5 +22,5 @@ class StoredTaintTrackingConfiguration extends XPathInjection::TaintTrackingConf from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.", - source.getNode(), "Stored user-provided value" +select sink.getNode(), source, sink, "This XPath expression depends on a $@.", source.getNode(), + "stored (potentially user-provided) value" diff --git a/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql b/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql index 8bcf350f594..c05e34d09db 100644 --- a/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql @@ -17,5 +17,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "This XPath expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql index df151dddf5b..9d74f5b6e6e 100644 --- a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql +++ b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql @@ -29,5 +29,5 @@ where sink.getNode() instanceof ExponentialRegexSink ) select sink.getNode(), source, sink, - "$@ flows to regular expression operation with dangerous regex.", source.getNode(), - "User-provided value" + "This regex operation with dangerous complexity depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql index 3bdb1f6c7bd..5fc59c13c57 100644 --- a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql +++ b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql @@ -19,6 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode().(Sink).getSensitiveMethodCall(), source, sink, - "Sensitive method may not be executed depending on $@, which flows from $@.", sink.getNode(), - "this condition", source.getNode(), "user input" +select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", + sink.getNode().(Sink).getSensitiveMethodCall(), "action", source.getNode(), "user-provided value" diff --git a/csharp/ql/src/Security Features/Encryption using ECB.qhelp b/csharp/ql/src/Security Features/Encryption using ECB.qhelp index 0315813d7bc..db66106f834 100644 --- a/csharp/ql/src/Security Features/Encryption using ECB.qhelp +++ b/csharp/ql/src/Security Features/Encryption using ECB.qhelp @@ -4,7 +4,7 @@

    ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time -meaning the same plaintext input will always produce the same cyphertext. This makes encrypted messages vulnerable +meaning the same plaintext input will always produce the same ciphertext. This makes encrypted messages vulnerable to replay attacks.

     diff --git a/csharp/ql/src/Security Features/InsecureRandomness.ql b/csharp/ql/src/Security Features/InsecureRandomness.ql index 08b46a41439..6262eac9df2 100644 --- a/csharp/ql/src/Security Features/InsecureRandomness.ql +++ b/csharp/ql/src/Security Features/InsecureRandomness.ql @@ -117,5 +117,5 @@ from DataFlow::PathNode sink where randomTracking.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "Cryptographically insecure random number is generated at $@ and used here in a security context.", + "This uses a cryptographically insecure random number generated at $@ in a security context.", source.getNode(), source.getNode().toString() diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll index 685eda64e50..d4cc0ae43cc 100644 --- a/csharp/ql/src/Telemetry/ExternalApi.qll +++ b/csharp/ql/src/Telemetry/ExternalApi.qll @@ -17,8 +17,10 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote class TestLibrary extends RefType { TestLibrary() { this.getNamespace() - .getName() - .matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"]) + .getQualifiedName() + .matches([ + "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%" + ]) } } @@ -114,29 +116,39 @@ class ExternalApi extends DotNet::Callable { int resultLimit() { result = 1000 } /** - * Holds if the relevant usage count of `api` is `usages`. + * Holds if it is relevant to count usages of `api`. */ -signature predicate relevantUsagesSig(ExternalApi api, int usages); +signature predicate relevantApi(ExternalApi api); /** * Given a predicate to count relevant API usages, this module provides a predicate * for restricting the number or returned results based on a certain limit. */ -module Results { - private int getOrder(ExternalApi api) { - api = - rank[result](ExternalApi a, int usages | - getRelevantUsages(a, usages) +module Results { + private int getUsages(string apiInfo) { + result = + strictcount(DispatchCall c, ExternalApi api | + c = api.getACall() and + apiInfo = api.getInfo() and + getRelevantUsages(api) + ) + } + + private int getOrder(string apiInfo) { + apiInfo = + rank[result](string info, int usages | + usages = getUsages(info) | - a order by usages desc, a.getInfo() + info order by usages desc, info ) } /** - * Holds if `api` is being used `usages` times and if it is - * in the top results (guarded by resultLimit). + * Holds if there exists an API with `apiInfo` that is being used `usages` times + * and if it is in the top results (guarded by resultLimit). */ - predicate restrict(ExternalApi api, int usages) { - getRelevantUsages(api, usages) and getOrder(api) <= resultLimit() + predicate restrict(string apiInfo, int usages) { + usages = getUsages(apiInfo) and + getOrder(apiInfo) <= resultLimit() } } diff --git a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql index 74d36bc4cec..4eb42c4628f 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSink() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.isSink() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/SupportedExternalSources.ql b/csharp/ql/src/Telemetry/SupportedExternalSources.ql index 9e57adb9b22..0d0b38a4754 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalSources.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalSources.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSource() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.isSource() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql index 5e8a816b3f6..3eccf73b58b 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.hasSummary() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.hasSummary() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql index 69b8793abc1..4823a4e2dbc 100644 --- a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -12,13 +12,12 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma private import semmle.code.csharp.dataflow.internal.NegativeSummary private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and not api.isSupported() and - not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and - usages = strictcount(DispatchCall c | c = api.getACall()) + not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Useless code/DefaultToStringQuery.qll b/csharp/ql/src/Useless code/DefaultToStringQuery.qll index 9ba8be009da..9185756b0a9 100644 --- a/csharp/ql/src/Useless code/DefaultToStringQuery.qll +++ b/csharp/ql/src/Useless code/DefaultToStringQuery.qll @@ -6,6 +6,7 @@ import semmle.code.csharp.frameworks.System * Holds if expression `e`, of type `t`, invokes `ToString()` either explicitly * or implicitly. */ +pragma[nomagic] predicate invokesToString(Expr e, ValueOrRefType t) { // Explicit invocation exists(MethodCall mc | mc.getQualifier() = e | @@ -20,20 +21,24 @@ predicate invokesToString(Expr e, ValueOrRefType t) { // Implicit invocation via forwarder method t = e.stripCasts().getType() and not t instanceof StringType and - exists(Parameter p | - alwaysInvokesToStringOnParameter(p) and + exists(AssignableDefinitions::ImplicitParameterDefinition def, Parameter p | + def.getParameter() = p and + alwaysInvokesToString(def.getAFirstRead()) and e = p.getAnAssignedArgument() ) } -pragma[noinline] -private predicate alwaysInvokesToStringOnParameter(Parameter p) { - exists(AssignableDefinitions::ImplicitParameterDefinition def, ParameterRead pr | - def.getParameter() = p and - pr = def.getAReachableRead() and - pr.getAControlFlowNode().postDominates(p.getCallable().getEntryPoint()) and - invokesToString(pr, _) - ) +pragma[nomagic] +private predicate parameterReadPostDominatesEntry(ParameterRead pr) { + pr.getAControlFlowNode().postDominates(pr.getEnclosingCallable().getEntryPoint()) +} + +pragma[nomagic] +private predicate alwaysInvokesToString(ParameterRead pr) { + parameterReadPostDominatesEntry(pr) and + invokesToString(pr, _) + or + alwaysInvokesToString(pr.getANextRead()) } /** diff --git a/csharp/ql/src/change-notes/released/0.4.1.md b/csharp/ql/src/change-notes/released/0.4.1.md new file mode 100644 index 00000000000..f5e1dbf00ed --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.4.1.md @@ -0,0 +1,5 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql index 513c658cf92..8cee95a3d54 100644 --- a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql +++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql @@ -19,5 +19,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a method of WebClient.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "A method of WebClient depepends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql index 27b86aa1386..53af17bb842 100644 --- a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql +++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql @@ -15,5 +15,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph from RequestForgeryConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in a server side web request.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "The URL of this request depends on a $@.", source.getNode(), + "user-provided value" diff --git a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs index bee97118ea8..0810516ee40 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs +++ b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs @@ -17,7 +17,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); @@ -28,7 +28,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); @@ -39,6 +39,6 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); \ No newline at end of file diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql index 57561944718..753dfb82999 100644 --- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql +++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql @@ -17,5 +17,6 @@ import JsonWebTokenHandlerLib from TokenValidationParametersProperty p, CallableAlwaysReturnsTrueHigherPrecision e where e = p.getAnAssignedValue() -select e, "JsonWebTokenHandler security-sensitive property $@ is being delegated to $@.", p, - p.getQualifiedName().toString(), e, "a callable that always returns \"true\"" +select e, + "JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns \"true\".", + p, p.getQualifiedName().toString() diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql index cfc745e5314..9c2a5d3983f 100644 --- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql +++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql @@ -1,6 +1,6 @@ /** * @name Security sensitive JsonWebTokenHandler validations are disabled - * @description Check if secruity sensitive token validations for `JsonWebTokenHandler` are being disabled. + * @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled. * @kind problem * @tags security * JsonWebTokenHandler diff --git a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql index 4745daf6b8b..9de38f673ab 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql @@ -61,7 +61,7 @@ class DateTimeStruct extends Struct { /** * holds if the Callable is used for DateTime arithmetic operations */ - Callable getATimeSpanArtithmeticCallable() { + Callable getATimeSpanArithmeticCallable() { (result = this.getAnOperator() or result = this.getAMethod()) and result.getName() in [ "Add", "AddDays", "AddHours", "AddMilliseconds", "AddMinutes", "AddMonths", "AddSeconds", @@ -96,7 +96,7 @@ private class FlowsFromGetLastWriteTimeConfigToTimeSpanArithmeticCallable extend override predicate isSink(DataFlow::Node sink) { exists(Call call, DateTimeStruct dateTime | call.getAChild*() = sink.asExpr() and - call = dateTime.getATimeSpanArtithmeticCallable().getACall() + call = dateTime.getATimeSpanArithmeticCallable().getACall() ) } } @@ -111,7 +111,7 @@ private class FlowsFromTimeSpanArithmeticToTimeComparisonCallable extends TaintT override predicate isSource(DataFlow::Node source) { exists(DateTimeStruct dateTime, Call call | source.asExpr() = call | - call = dateTime.getATimeSpanArtithmeticCallable().getACall() + call = dateTime.getATimeSpanArithmeticCallable().getACall() ) } @@ -157,7 +157,7 @@ predicate isPotentialTimeBomb( | pathSource.getNode() = exprNode(getLastWriteTimeMethodCall) and config1.hasFlow(exprNode(getLastWriteTimeMethodCall), sink) and - timeArithmeticCall = dateTime.getATimeSpanArtithmeticCallable().getACall() and + timeArithmeticCall = dateTime.getATimeSpanArithmeticCallable().getACall() and timeArithmeticCall.getAChild*() = sink.asExpr() and config2.hasFlow(exprNode(timeArithmeticCall), sink2) and timeComparisonCall = dateTime.getAComparisonCallable().getACall() and @@ -175,6 +175,6 @@ where isPotentialTimeBomb(source, sink, getLastWriteTimeMethodCall, timeArithmeticCall, timeComparisonCall, selStatement) select selStatement, source, sink, - "Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger.", - timeComparisonCall, timeComparisonCall.toString(), timeArithmeticCall, "an offset", + "Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger.", + timeComparisonCall, timeComparisonCall.toString(), timeArithmeticCall, "offset", getLastWriteTimeMethodCall, "last modification time of a file" diff --git a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql index 14d0cc02e44..5bb8a1dc6e9 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql @@ -50,5 +50,5 @@ predicate isSuspiciousPropertyName(PropertyRead pr) { from DataFlow::PathNode src, DataFlow::PathNode sink, DataFlowFromMethodToHash conf where conf.hasFlow(src.getNode(), sink.getNode()) select src.getNode(), src, sink, - "The hash is calculated on the process name $@, may be related to a backdoor. Please review the code for possible malicious intent.", - sink.getNode(), "here" + "The hash is calculated on $@, may be related to a backdoor. Please review the code for possible malicious intent.", + sink.getNode(), "this process name" diff --git a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll index 7fc54f80b80..4c5ab431dd5 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll @@ -512,7 +512,7 @@ abstract class TranslatedElement extends TTranslatedElement { /** * If the instruction specified by `tag` has a result of type `UnknownType`, - * gets the size of the result in bytes. If the result does not have a knonwn + * gets the size of the result in bytes. If the result does not have a known * constant size, this predicate does not hold. */ int getInstructionResultSize(InstructionTag tag) { none() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll index d95a73e4e42..1afc48d0409 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll @@ -403,7 +403,7 @@ class TranslatedGeneralCatchClause extends TranslatedClause { /** * The IR translation of a throw statement that throws an exception, - * as oposed to just rethrowing one. + * as opposed to just rethrowing one. */ class TranslatedThrowExceptionStmt extends TranslatedStmt, InitializationContext { override ThrowStmt stmt; diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql index 1b19740e3ae..6332dfc515c 100644 --- a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql +++ b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql @@ -1,6 +1,6 @@ /** * @name Usage of unsupported external library API - * @description A call to an unsuppported external library API. + * @description A call to an unsupported external library API. * @kind problem * @problem.severity recommendation * @tags meta diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index e2721c02552..682028cf7cc 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.4.1-dev +version: 0.4.2-dev groups: - csharp - queries diff --git a/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll b/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll index 82c6fbd1bbb..82ac94c8fc4 100644 --- a/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll @@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) { * A TaintTracking Configuration used for tracking flow through APIs. * The sources are the parameters of the API and the fields of the enclosing type. * - * This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field) + * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) * into an existing known sink (then the API itself becomes a sink). */ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific { diff --git a/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll b/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll index 3b0a33336c0..bd8b227e76f 100644 --- a/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll +++ b/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll @@ -131,7 +131,7 @@ private CS::Parameter getParameter(DataFlowImplCommon::ReturnNodeExt node, Param } /** - * Gets the CSV string represention of the the return node `node`. + * Gets the CSV string representation of the the return node `node`. */ string returnNodeAsOutput(DataFlowImplCommon::ReturnNodeExt node) { if node.getKind() instanceof DataFlowImplCommon::ValueReturnKind diff --git a/csharp/ql/test/experimental/CWE-918/RequestForgery.expected b/csharp/ql/test/experimental/CWE-918/RequestForgery.expected index 70ba2594fdf..fb85f080a4c 100644 --- a/csharp/ql/test/experimental/CWE-918/RequestForgery.expected +++ b/csharp/ql/test/experimental/CWE-918/RequestForgery.expected @@ -5,4 +5,4 @@ nodes | RequestForgery.cs:16:66:16:68 | access to parameter url | semmle.label | access to parameter url | subpaths #select -| RequestForgery.cs:16:66:16:68 | access to parameter url | RequestForgery.cs:14:52:14:54 | url : String | RequestForgery.cs:16:66:16:68 | access to parameter url | $@ flows to here and is used in a server side web request. | RequestForgery.cs:14:52:14:54 | url | User-provided value | +| RequestForgery.cs:16:66:16:68 | access to parameter url | RequestForgery.cs:14:52:14:54 | url : String | RequestForgery.cs:16:66:16:68 | access to parameter url | The URL of this request depends on a $@. | RequestForgery.cs:14:52:14:54 | url | user-provided value | diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.expected b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.expected index dc224c9586e..a76e9660cec 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.expected +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.expected @@ -1,7 +1,7 @@ -| delegation-test.cs:101:63:101:186 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:54:34:54:50 | LifetimeValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.LifetimeValidator | delegation-test.cs:101:63:101:186 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:102:63:102:178 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:102:63:102:178 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:115:63:115:190 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:115:63:115:190 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:116:63:116:180 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:116:63:116:180 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:117:63:117:217 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:117:63:117:217 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:118:63:118:248 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:118:63:118:248 | (...) => ... | a callable that always returns "true" | -| delegation-test.cs:119:63:119:177 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to $@. | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | delegation-test.cs:119:63:119:177 | (...) => ... | a callable that always returns "true" | +| delegation-test.cs:101:63:101:186 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:54:34:54:50 | LifetimeValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.LifetimeValidator | +| delegation-test.cs:102:63:102:178 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | +| delegation-test.cs:115:63:115:190 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | +| delegation-test.cs:116:63:116:180 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | +| delegation-test.cs:117:63:117:217 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | +| delegation-test.cs:118:63:118:248 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | +| delegation-test.cs:119:63:119:177 | (...) => ... | JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns "true". | stubs.cs:55:34:55:50 | AudienceValidator | Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator | diff --git a/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected b/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected index 490a71b0c0c..4eef156a292 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected +++ b/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected @@ -10,10 +10,10 @@ edges | test.cs:70:36:70:70 | call to method AddHours : DateTime | test.cs:70:13:70:71 | call to method CompareTo | | test.cs:70:36:70:70 | call to method AddHours : DateTime | test.cs:70:13:70:71 | call to method CompareTo : Int32 | #select -| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | -| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo : Int32 | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | -| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | -| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... : Boolean | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | +| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | +| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo : Int32 | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | +| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | +| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... : Boolean | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file | nodes | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | semmle.label | call to method GetLastWriteTime : DateTime | | test.cs:70:13:70:71 | call to method CompareTo | semmle.label | call to method CompareTo | diff --git a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.expected b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.expected index 107f4e418f0..76c0724bb40 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.expected +++ b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.expected @@ -1,5 +1,5 @@ | ClassDoesNotImplementEquals.cs:4:7:4:15 | Incorrect | Class 'Incorrect' does not implement Equals(object), but it implements $@. | ClassDoesNotImplementEquals.cs:6:33:6:34 | == | operator == | +| ClassDoesNotImplementEquals.cs:24:7:24:24 | IncorrectOverrides | Class 'IncorrectOverrides' does not implement Equals(object), but $@. | ClassDoesNotImplementEquals.cs:42:17:42:53 | call to method Equals | 'Equals' is called on an instance of this class | | ClassDoesNotImplementEquals.cs:24:7:24:24 | IncorrectOverrides | Class 'IncorrectOverrides' does not implement Equals(object), but it implements $@. | ClassDoesNotImplementEquals.cs:26:33:26:34 | == | operator == | -| ClassDoesNotImplementEquals.cs:24:7:24:24 | IncorrectOverrides | Class 'IncorrectOverrides' does not implement Equals(object), but it is called $@. | ClassDoesNotImplementEquals.cs:42:17:42:53 | call to method Equals | here | | ClassDoesNotImplementEquals.cs:50:7:50:17 | MyEquatable | Class 'MyEquatable' does not implement Equals(object), but it implements $@. | ClassDoesNotImplementEquals.cs:52:17:52:22 | Equals | IEquatable.Equals | -| ClassDoesNotImplementEqualsBad.cs:24:11:24:21 | GasolineCar | Class 'GasolineCar' does not implement Equals(object), but it is called $@. | ClassDoesNotImplementEqualsBad.cs:38:38:38:54 | call to method Equals | here | +| ClassDoesNotImplementEqualsBad.cs:24:11:24:21 | GasolineCar | Class 'GasolineCar' does not implement Equals(object), but $@. | ClassDoesNotImplementEqualsBad.cs:38:38:38:54 | call to method Equals | 'Equals' is called on an instance of this class | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected index 9894cc8790a..e96638e6076 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected @@ -1,5 +1,5 @@ -| NoDisposeCallOnLocalIDisposable.cs:50:19:50:38 | object creation of type Timer | Disposable 'Timer' is created here but is not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:51:18:51:73 | object creation of type FileStream | Disposable 'FileStream' is created here but is not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:52:9:52:64 | object creation of type FileStream | Disposable 'FileStream' is created here but is not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:74:25:74:71 | call to method Create | Disposable 'XmlReader' is created here but is not disposed. | -| NoDisposeCallOnLocalIDisposableBad.cs:8:22:8:56 | object creation of type FileStream | Disposable 'FileStream' is created here but is not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:50:19:50:38 | object creation of type Timer | Disposable 'Timer' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:51:18:51:73 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:52:9:52:64 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:74:25:74:71 | call to method Create | Disposable 'XmlReader' is created but not disposed. | +| NoDisposeCallOnLocalIDisposableBad.cs:8:22:8:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | diff --git a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.expected b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.expected index 28f9f8bb94c..9e2c2e0c820 100644 --- a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.expected +++ b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.expected @@ -1,2 +1,2 @@ -| SynchSetUnsynchGet.cs:9:9:9:20 | BadProperty1 | Field '$@' is guarded by a lock in the setter but not in the getter. | SynchSetUnsynchGet.cs:5:9:5:17 | property1 | property1 | -| SynchSetUnsynchGet.cs:23:9:23:20 | BadProperty2 | Field '$@' is guarded by a lock in the setter but not in the getter. | SynchSetUnsynchGet.cs:5:9:5:17 | property1 | property1 | +| SynchSetUnsynchGet.cs:9:9:9:20 | BadProperty1 | Field $@ is guarded by a lock in the setter but not in the getter. | SynchSetUnsynchGet.cs:5:9:5:17 | property1 | property1 | +| SynchSetUnsynchGet.cs:23:9:23:20 | BadProperty2 | Field $@ is guarded by a lock in the setter but not in the getter. | SynchSetUnsynchGet.cs:5:9:5:17 | property1 | property1 | diff --git a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.expected b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.expected index e6cb8e7043b..854ce5c1c8f 100644 --- a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.expected +++ b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.expected @@ -1,2 +1,2 @@ -| NonAssignedFields.cs:87:9:87:22 | BadNonAssigned | The field 'BadNonAssigned' is never explicitly assigned a value, yet it is read $@. | NonAssignedFields.cs:109:20:109:33 | access to field BadNonAssigned | here | -| NonAssignedFields.cs:88:12:88:26 | BadAssignedNull | The field 'BadAssignedNull' is never explicitly assigned a value, yet it is read $@. | NonAssignedFields.cs:113:13:113:27 | access to field BadAssignedNull | here | +| NonAssignedFields.cs:87:9:87:22 | BadNonAssigned | The field 'BadNonAssigned' is never explicitly assigned a value, yet $@. | NonAssignedFields.cs:109:20:109:33 | access to field BadNonAssigned | the field is read | +| NonAssignedFields.cs:88:12:88:26 | BadAssignedNull | The field 'BadAssignedNull' is never explicitly assigned a value, yet $@. | NonAssignedFields.cs:113:13:113:27 | access to field BadAssignedNull | the field is read | diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.expected b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.expected index 6210e7f928a..de8109fc505 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.expected +++ b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.expected @@ -1,5 +1,5 @@ -| deadcode.cs:85:7:85:11 | Field | Unused field (or field used from dead method only) | -| regression.cs:7:20:7:23 | dead | Unused field (or field used from dead method only) | -| regression.cs:113:9:113:17 | deadField | Unused field (or field used from dead method only) | -| regression.cs:116:9:116:24 | deadWrittenField | Unused field (or field used from dead method only) | -| regression.cs:129:9:129:17 | deadField | Unused field (or field used from dead method only) | +| deadcode.cs:85:7:85:11 | Field | Unused field (or field used from dead method only). | +| regression.cs:7:20:7:23 | dead | Unused field (or field used from dead method only). | +| regression.cs:113:9:113:17 | deadField | Unused field (or field used from dead method only). | +| regression.cs:116:9:116:24 | deadWrittenField | Unused field (or field used from dead method only). | +| regression.cs:129:9:129:17 | deadField | Unused field (or field used from dead method only). | diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.expected b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.expected index 081fb380a25..e868944473c 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.expected +++ b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.expected @@ -1,6 +1,6 @@ -| regression.cs:51:18:51:33 | ActualDeadMethod | Unused method (or method called from dead method only) | -| regression.cs:60:18:60:37 | NotDynamicallyCalled | Unused method (or method called from dead method only) | -| regression.cs:77:10:77:19 | DeadCaller | Unused method (or method called from dead method only) | -| regression.cs:84:10:84:23 | DeadGeneric<> | Unused method (or method called from dead method only) | -| regression.cs:105:10:105:21 | DeadGeneric1 | Unused method (or method called from dead method only) | -| regression.cs:110:10:110:24 | DeadGeneric2<> | Unused method (or method called from dead method only) | +| regression.cs:51:18:51:33 | ActualDeadMethod | Unused method (or method called from dead method only). | +| regression.cs:60:18:60:37 | NotDynamicallyCalled | Unused method (or method called from dead method only). | +| regression.cs:77:10:77:19 | DeadCaller | Unused method (or method called from dead method only). | +| regression.cs:84:10:84:23 | DeadGeneric<> | Unused method (or method called from dead method only). | +| regression.cs:105:10:105:21 | DeadGeneric1 | Unused method (or method called from dead method only). | +| regression.cs:110:10:110:24 | DeadGeneric2<> | Unused method (or method called from dead method only). | diff --git a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.expected b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.expected index 4be5dbe7f3a..38127a4a764 100644 --- a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.expected +++ b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.expected @@ -1,2 +1,2 @@ -| ForeachCapture.cs:14:23:14:31 | (...) => ... | Function which may be stored in $@ captures variable $@ | ForeachCapture.cs:7:22:7:27 | event1 | event1 | ForeachCapture.cs:11:22:11:24 | arg | arg | -| ForeachCapture.cs:24:30:24:38 | (...) => ... | Function which may be stored in $@ captures variable $@ | ForeachCapture.cs:41:22:41:28 | actions | actions | ForeachCapture.cs:11:22:11:24 | arg | arg | +| ForeachCapture.cs:14:23:14:31 | (...) => ... | Function which may be stored in $@ captures variable $@. | ForeachCapture.cs:7:22:7:27 | event1 | event1 | ForeachCapture.cs:11:22:11:24 | arg | arg | +| ForeachCapture.cs:24:30:24:38 | (...) => ... | Function which may be stored in $@ captures variable $@. | ForeachCapture.cs:41:22:41:28 | actions | actions | ForeachCapture.cs:11:22:11:24 | arg | arg | diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.expected b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.expected index f67e589d984..d78a6de3769 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.expected +++ b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.expected @@ -1 +1 @@ -| UselessIsBeforeAs.cs:8:21:8:31 | ... as ... | This 'as' expression performs a type test - it should be directly compared against null, rendering the 'is' $@ potentially redundant. | UselessIsBeforeAs.cs:5:13:5:23 | ... is ... | here | +| UselessIsBeforeAs.cs:8:21:8:31 | ... as ... | This 'as' expression performs a type test - it should be directly compared against null, rendering the $@ potentially redundant. | UselessIsBeforeAs.cs:5:13:5:23 | ... is ... | is | diff --git a/csharp/ql/test/query-tests/Nullness/NullAlways.expected b/csharp/ql/test/query-tests/Nullness/NullAlways.expected index 7a546051436..4c2d21d4fca 100644 --- a/csharp/ql/test/query-tests/Nullness/NullAlways.expected +++ b/csharp/ql/test/query-tests/Nullness/NullAlways.expected @@ -1,42 +1,42 @@ -| A.cs:8:15:8:32 | access to local variable synchronizedAlways | Variable $@ is always null here. | A.cs:7:16:7:33 | synchronizedAlways | synchronizedAlways | -| A.cs:17:9:17:17 | access to local variable arrayNull | Variable $@ is always null here. | A.cs:16:15:16:23 | arrayNull | arrayNull | -| A.cs:31:27:31:37 | access to local variable arrayAccess | Variable $@ is always null here. | A.cs:26:15:26:25 | arrayAccess | arrayAccess | -| A.cs:32:27:32:37 | access to local variable fieldAccess | Variable $@ is always null here. | A.cs:27:18:27:28 | fieldAccess | fieldAccess | -| A.cs:33:28:33:39 | access to local variable methodAccess | Variable $@ is always null here. | A.cs:28:16:28:27 | methodAccess | methodAccess | -| A.cs:34:27:34:36 | access to local variable methodCall | Variable $@ is always null here. | A.cs:29:16:29:25 | methodCall | methodCall | -| A.cs:50:9:50:14 | access to local variable varRef | Variable $@ is always null here. | A.cs:48:16:48:21 | varRef | varRef | -| Assert.cs:15:27:15:27 | access to local variable s | Variable $@ is always null here. | Assert.cs:9:16:9:16 | s | s | -| Assert.cs:23:27:23:27 | access to local variable s | Variable $@ is always null here. | Assert.cs:9:16:9:16 | s | s | -| Assert.cs:31:27:31:27 | access to local variable s | Variable $@ is always null here. | Assert.cs:9:16:9:16 | s | s | -| Assert.cs:47:27:47:27 | access to local variable s | Variable $@ is always null here. | Assert.cs:9:16:9:16 | s | s | -| Assert.cs:51:27:51:27 | access to local variable s | Variable $@ is always null here. | Assert.cs:9:16:9:16 | s | s | -| B.cs:13:13:13:24 | access to local variable eqCallAlways | Variable $@ is always null here. | B.cs:7:11:7:22 | eqCallAlways | eqCallAlways | -| B.cs:24:13:24:25 | access to local variable neqCallAlways | Variable $@ is always null here. | B.cs:10:11:10:23 | neqCallAlways | neqCallAlways | -| C.cs:18:13:18:13 | access to local variable o | Variable $@ is always null here. | C.cs:10:16:10:16 | o | o | -| C.cs:42:9:42:9 | access to local variable s | Variable $@ is always null here. | C.cs:40:13:40:13 | s | s | -| C.cs:57:9:57:10 | access to local variable o2 | Variable $@ is always null here. | C.cs:55:13:55:14 | o2 | o2 | -| C.cs:162:13:162:13 | access to local variable s | Variable $@ is always null here. | C.cs:151:13:151:13 | s | s | -| C.cs:170:13:170:13 | access to local variable s | Variable $@ is always null here. | C.cs:151:13:151:13 | s | s | -| C.cs:196:13:196:13 | access to local variable s | Variable $@ is always null here. | C.cs:185:13:185:13 | s | s | -| C.cs:218:13:218:13 | access to local variable s | Variable $@ is always null here. | C.cs:210:13:210:13 | s | s | -| C.cs:233:9:233:9 | access to local variable s | Variable $@ is always null here. | C.cs:228:16:228:16 | s | s | -| C.cs:237:13:237:13 | access to local variable s | Variable $@ is always null here. | C.cs:228:16:228:16 | s | s | -| C.cs:249:9:249:9 | access to local variable a | Variable $@ is always null here. | C.cs:248:15:248:15 | a | a | -| C.cs:260:9:260:10 | access to local variable ia | Variable $@ is always null here. | C.cs:257:15:257:16 | ia | ia | -| C.cs:261:20:261:21 | access to local variable sa | Variable $@ is always null here. | C.cs:258:18:258:19 | sa | sa | -| D.cs:120:13:120:13 | access to local variable x | Variable $@ is always null here. | D.cs:117:13:117:13 | x | x | -| D.cs:197:13:197:13 | access to local variable o | Variable $@ is always null here. | D.cs:195:13:195:13 | o | o | -| D.cs:207:17:207:17 | access to local variable e | Variable $@ is always null here. | D.cs:204:26:204:26 | e | e | -| D.cs:217:13:217:14 | access to local variable o3 | Variable $@ is always null here. | D.cs:215:13:215:14 | o3 | o3 | -| D.cs:222:13:222:14 | access to local variable o4 | Variable $@ is always null here. | D.cs:220:13:220:14 | o4 | o4 | -| D.cs:385:13:385:15 | access to local variable ioe | Variable $@ is always null here. | D.cs:378:19:378:21 | ioe | ioe | -| E.cs:210:16:210:16 | access to parameter s | Variable $@ is always null here. | E.cs:206:28:206:28 | s | s | -| E.cs:220:13:220:13 | access to local variable x | Variable $@ is always null here. | E.cs:215:13:215:13 | x | x | -| E.cs:229:13:229:13 | access to local variable x | Variable $@ is always null here. | E.cs:225:13:225:13 | x | x | -| E.cs:323:13:323:14 | access to parameter s1 | Variable $@ is always null here. | E.cs:319:29:319:30 | s1 | s1 | -| E.cs:324:13:324:14 | access to parameter s2 | Variable $@ is always null here. | E.cs:319:40:319:41 | s2 | s2 | -| E.cs:331:9:331:9 | access to local variable x | Variable $@ is always null here. | E.cs:330:13:330:13 | x | x | -| E.cs:405:16:405:16 | access to local variable i | Variable $@ is always null here. | E.cs:403:14:403:14 | i | i | -| Forwarding.cs:36:31:36:31 | access to local variable s | Variable $@ is always null here. | Forwarding.cs:7:16:7:16 | s | s | -| Forwarding.cs:40:27:40:27 | access to local variable s | Variable $@ is always null here. | Forwarding.cs:7:16:7:16 | s | s | -| NullAlwaysBad.cs:9:30:9:30 | access to parameter s | Variable $@ is always null here. | NullAlwaysBad.cs:7:29:7:29 | s | s | +| A.cs:8:15:8:32 | access to local variable synchronizedAlways | Variable $@ is always null at this dereference. | A.cs:7:16:7:33 | synchronizedAlways | synchronizedAlways | +| A.cs:17:9:17:17 | access to local variable arrayNull | Variable $@ is always null at this dereference. | A.cs:16:15:16:23 | arrayNull | arrayNull | +| A.cs:31:27:31:37 | access to local variable arrayAccess | Variable $@ is always null at this dereference. | A.cs:26:15:26:25 | arrayAccess | arrayAccess | +| A.cs:32:27:32:37 | access to local variable fieldAccess | Variable $@ is always null at this dereference. | A.cs:27:18:27:28 | fieldAccess | fieldAccess | +| A.cs:33:28:33:39 | access to local variable methodAccess | Variable $@ is always null at this dereference. | A.cs:28:16:28:27 | methodAccess | methodAccess | +| A.cs:34:27:34:36 | access to local variable methodCall | Variable $@ is always null at this dereference. | A.cs:29:16:29:25 | methodCall | methodCall | +| A.cs:50:9:50:14 | access to local variable varRef | Variable $@ is always null at this dereference. | A.cs:48:16:48:21 | varRef | varRef | +| Assert.cs:15:27:15:27 | access to local variable s | Variable $@ is always null at this dereference. | Assert.cs:9:16:9:16 | s | s | +| Assert.cs:23:27:23:27 | access to local variable s | Variable $@ is always null at this dereference. | Assert.cs:9:16:9:16 | s | s | +| Assert.cs:31:27:31:27 | access to local variable s | Variable $@ is always null at this dereference. | Assert.cs:9:16:9:16 | s | s | +| Assert.cs:47:27:47:27 | access to local variable s | Variable $@ is always null at this dereference. | Assert.cs:9:16:9:16 | s | s | +| Assert.cs:51:27:51:27 | access to local variable s | Variable $@ is always null at this dereference. | Assert.cs:9:16:9:16 | s | s | +| B.cs:13:13:13:24 | access to local variable eqCallAlways | Variable $@ is always null at this dereference. | B.cs:7:11:7:22 | eqCallAlways | eqCallAlways | +| B.cs:24:13:24:25 | access to local variable neqCallAlways | Variable $@ is always null at this dereference. | B.cs:10:11:10:23 | neqCallAlways | neqCallAlways | +| C.cs:18:13:18:13 | access to local variable o | Variable $@ is always null at this dereference. | C.cs:10:16:10:16 | o | o | +| C.cs:42:9:42:9 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:40:13:40:13 | s | s | +| C.cs:57:9:57:10 | access to local variable o2 | Variable $@ is always null at this dereference. | C.cs:55:13:55:14 | o2 | o2 | +| C.cs:162:13:162:13 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:151:13:151:13 | s | s | +| C.cs:170:13:170:13 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:151:13:151:13 | s | s | +| C.cs:196:13:196:13 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:185:13:185:13 | s | s | +| C.cs:218:13:218:13 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:210:13:210:13 | s | s | +| C.cs:233:9:233:9 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:228:16:228:16 | s | s | +| C.cs:237:13:237:13 | access to local variable s | Variable $@ is always null at this dereference. | C.cs:228:16:228:16 | s | s | +| C.cs:249:9:249:9 | access to local variable a | Variable $@ is always null at this dereference. | C.cs:248:15:248:15 | a | a | +| C.cs:260:9:260:10 | access to local variable ia | Variable $@ is always null at this dereference. | C.cs:257:15:257:16 | ia | ia | +| C.cs:261:20:261:21 | access to local variable sa | Variable $@ is always null at this dereference. | C.cs:258:18:258:19 | sa | sa | +| D.cs:120:13:120:13 | access to local variable x | Variable $@ is always null at this dereference. | D.cs:117:13:117:13 | x | x | +| D.cs:197:13:197:13 | access to local variable o | Variable $@ is always null at this dereference. | D.cs:195:13:195:13 | o | o | +| D.cs:207:17:207:17 | access to local variable e | Variable $@ is always null at this dereference. | D.cs:204:26:204:26 | e | e | +| D.cs:217:13:217:14 | access to local variable o3 | Variable $@ is always null at this dereference. | D.cs:215:13:215:14 | o3 | o3 | +| D.cs:222:13:222:14 | access to local variable o4 | Variable $@ is always null at this dereference. | D.cs:220:13:220:14 | o4 | o4 | +| D.cs:385:13:385:15 | access to local variable ioe | Variable $@ is always null at this dereference. | D.cs:378:19:378:21 | ioe | ioe | +| E.cs:210:16:210:16 | access to parameter s | Variable $@ is always null at this dereference. | E.cs:206:28:206:28 | s | s | +| E.cs:220:13:220:13 | access to local variable x | Variable $@ is always null at this dereference. | E.cs:215:13:215:13 | x | x | +| E.cs:229:13:229:13 | access to local variable x | Variable $@ is always null at this dereference. | E.cs:225:13:225:13 | x | x | +| E.cs:323:13:323:14 | access to parameter s1 | Variable $@ is always null at this dereference. | E.cs:319:29:319:30 | s1 | s1 | +| E.cs:324:13:324:14 | access to parameter s2 | Variable $@ is always null at this dereference. | E.cs:319:40:319:41 | s2 | s2 | +| E.cs:331:9:331:9 | access to local variable x | Variable $@ is always null at this dereference. | E.cs:330:13:330:13 | x | x | +| E.cs:405:16:405:16 | access to local variable i | Variable $@ is always null at this dereference. | E.cs:403:14:403:14 | i | i | +| Forwarding.cs:36:31:36:31 | access to local variable s | Variable $@ is always null at this dereference. | Forwarding.cs:7:16:7:16 | s | s | +| Forwarding.cs:40:27:40:27 | access to local variable s | Variable $@ is always null at this dereference. | Forwarding.cs:7:16:7:16 | s | s | +| NullAlwaysBad.cs:9:30:9:30 | access to parameter s | Variable $@ is always null at this dereference. | NullAlwaysBad.cs:7:29:7:29 | s | s | diff --git a/csharp/ql/test/query-tests/Nullness/NullMaybe.expected b/csharp/ql/test/query-tests/Nullness/NullMaybe.expected index 39bc2d17684..e0721446b2f 100644 --- a/csharp/ql/test/query-tests/Nullness/NullMaybe.expected +++ b/csharp/ql/test/query-tests/Nullness/NullMaybe.expected @@ -829,88 +829,88 @@ edges | StringConcatenation.cs:14:16:14:23 | SSA def(s) | StringConcatenation.cs:15:16:15:16 | access to local variable s | | StringConcatenation.cs:15:16:15:16 | access to local variable s | StringConcatenation.cs:16:17:16:17 | access to local variable s | #select -| C.cs:64:9:64:10 | access to local variable o1 | C.cs:62:13:62:46 | SSA def(o1) | C.cs:64:9:64:10 | access to local variable o1 | Variable $@ may be null here because of $@ assignment. | C.cs:62:13:62:14 | o1 | o1 | C.cs:62:13:62:46 | Object o1 = ... | this | -| C.cs:68:9:68:10 | access to local variable o2 | C.cs:66:13:66:46 | SSA def(o2) | C.cs:68:9:68:10 | access to local variable o2 | Variable $@ may be null here because of $@ assignment. | C.cs:66:13:66:14 | o2 | o2 | C.cs:66:13:66:46 | Object o2 = ... | this | -| C.cs:95:15:95:15 | access to local variable o | C.cs:94:13:94:45 | SSA def(o) | C.cs:95:15:95:15 | access to local variable o | Variable $@ may be null here because of $@ assignment. | C.cs:94:13:94:13 | o | o | C.cs:94:13:94:45 | Object o = ... | this | -| C.cs:103:27:103:30 | access to parameter list | C.cs:102:13:102:23 | SSA def(list) | C.cs:103:27:103:30 | access to parameter list | Variable $@ may be null here because of $@ assignment. | C.cs:99:42:99:45 | list | list | C.cs:102:13:102:23 | ... = ... | this | -| C.cs:177:13:177:13 | access to local variable s | C.cs:178:13:178:20 | SSA def(s) | C.cs:177:13:177:13 | access to local variable s | Variable $@ may be null here because of $@ assignment. | C.cs:151:13:151:13 | s | s | C.cs:178:13:178:20 | ... = ... | this | -| C.cs:203:13:203:13 | access to local variable s | C.cs:204:13:204:20 | SSA def(s) | C.cs:203:13:203:13 | access to local variable s | Variable $@ may be null here because of $@ assignment. | C.cs:185:13:185:13 | s | s | C.cs:204:13:204:20 | ... = ... | this | -| C.cs:223:9:223:9 | access to local variable s | C.cs:222:13:222:20 | SSA def(s) | C.cs:223:9:223:9 | access to local variable s | Variable $@ may be null here because of $@ assignment. | C.cs:210:13:210:13 | s | s | C.cs:222:13:222:20 | ... = ... | this | -| C.cs:242:13:242:13 | access to local variable s | C.cs:240:24:240:31 | SSA def(s) | C.cs:242:13:242:13 | access to local variable s | Variable $@ may be null here because of $@ assignment. | C.cs:228:16:228:16 | s | s | C.cs:240:24:240:31 | ... = ... | this | -| D.cs:23:9:23:13 | access to parameter param | D.cs:17:17:17:20 | null | D.cs:23:9:23:13 | access to parameter param | Variable $@ may be null here because of $@ null argument. | D.cs:21:32:21:36 | param | param | D.cs:17:17:17:20 | null | this | -| D.cs:32:9:32:13 | access to parameter param | D.cs:26:32:26:36 | SSA param(param) | D.cs:32:9:32:13 | access to parameter param | Variable $@ may be null here as suggested by $@ null check. | D.cs:26:32:26:36 | param | param | D.cs:28:13:28:25 | ... != ... | this | -| D.cs:62:13:62:14 | access to local variable o5 | D.cs:58:13:58:41 | SSA def(o5) | D.cs:62:13:62:14 | access to local variable o5 | Variable $@ may be null here because of $@ assignment. | D.cs:58:13:58:14 | o5 | o5 | D.cs:58:13:58:41 | String o5 = ... | this | -| D.cs:73:13:73:14 | access to local variable o7 | D.cs:68:13:68:34 | SSA def(o7) | D.cs:73:13:73:14 | access to local variable o7 | Variable $@ may be null here because of $@ assignment. | D.cs:68:13:68:14 | o7 | o7 | D.cs:68:13:68:34 | String o7 = ... | this | -| D.cs:82:13:82:14 | access to local variable o8 | D.cs:75:13:75:34 | SSA def(o8) | D.cs:82:13:82:14 | access to local variable o8 | Variable $@ may be null here because of $@ assignment. | D.cs:75:13:75:14 | o8 | o8 | D.cs:75:13:75:34 | String o8 = ... | this | -| D.cs:84:13:84:14 | access to local variable o8 | D.cs:75:13:75:34 | SSA def(o8) | D.cs:84:13:84:14 | access to local variable o8 | Variable $@ may be null here because of $@ assignment. | D.cs:75:13:75:14 | o8 | o8 | D.cs:75:13:75:34 | String o8 = ... | this | -| D.cs:91:13:91:14 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:91:13:91:14 | access to local variable xs | Variable $@ may be null here because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | -| D.cs:94:21:94:22 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:94:21:94:22 | access to local variable xs | Variable $@ may be null here because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | -| D.cs:98:21:98:22 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:98:21:98:22 | access to local variable xs | Variable $@ may be null here because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | -| D.cs:102:31:102:32 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:102:31:102:32 | access to local variable xs | Variable $@ may be null here because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | -| D.cs:105:19:105:20 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:105:19:105:20 | access to local variable xs | Variable $@ may be null here because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | -| D.cs:134:24:134:24 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:134:24:134:24 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:127:20:127:28 | ... == ... | this | -| D.cs:134:24:134:24 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:134:24:134:24 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:139:13:139:21 | ... != ... | this | -| D.cs:135:24:135:24 | access to parameter b | D.cs:125:44:125:44 | SSA param(b) | D.cs:135:24:135:24 | access to parameter b | Variable $@ may be null here as suggested by $@ null check. | D.cs:125:44:125:44 | b | b | D.cs:128:20:128:28 | ... == ... | this | -| D.cs:145:20:145:20 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:145:20:145:20 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:127:20:127:28 | ... == ... | this | -| D.cs:145:20:145:20 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:145:20:145:20 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:139:13:139:21 | ... != ... | this | -| D.cs:151:9:151:11 | access to parameter obj | D.cs:149:36:149:38 | SSA param(obj) | D.cs:151:9:151:11 | access to parameter obj | Variable $@ may be null here as suggested by $@ null check. | D.cs:149:36:149:38 | obj | obj | D.cs:152:17:152:27 | ... != ... | this | -| D.cs:171:9:171:11 | access to local variable obj | D.cs:163:16:163:25 | SSA def(obj) | D.cs:171:9:171:11 | access to local variable obj | Variable $@ may be null here because of $@ assignment. | D.cs:163:16:163:18 | obj | obj | D.cs:163:16:163:25 | Object obj = ... | this | -| D.cs:245:13:245:13 | access to local variable o | D.cs:240:9:240:16 | SSA def(o) | D.cs:245:13:245:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:228:16:228:16 | o | o | D.cs:240:9:240:16 | ... = ... | this | -| D.cs:247:13:247:13 | access to local variable o | D.cs:240:9:240:16 | SSA def(o) | D.cs:247:13:247:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:228:16:228:16 | o | o | D.cs:240:9:240:16 | ... = ... | this | -| D.cs:253:13:253:14 | access to local variable o2 | D.cs:249:13:249:38 | SSA def(o2) | D.cs:253:13:253:14 | access to local variable o2 | Variable $@ may be null here because of $@ assignment. | D.cs:249:13:249:14 | o2 | o2 | D.cs:249:13:249:38 | String o2 = ... | this | -| D.cs:267:13:267:13 | access to local variable o | D.cs:258:16:258:23 | SSA def(o) | D.cs:267:13:267:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:258:16:258:23 | Object o = ... | this | -| D.cs:291:13:291:13 | access to local variable o | D.cs:269:9:269:16 | SSA def(o) | D.cs:291:13:291:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:269:9:269:16 | ... = ... | this | -| D.cs:291:13:291:13 | access to local variable o | D.cs:283:17:283:24 | SSA def(o) | D.cs:291:13:291:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:283:17:283:24 | ... = ... | this | -| D.cs:294:13:294:13 | access to local variable o | D.cs:269:9:269:16 | SSA def(o) | D.cs:294:13:294:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:269:9:269:16 | ... = ... | this | -| D.cs:294:13:294:13 | access to local variable o | D.cs:283:17:283:24 | SSA def(o) | D.cs:294:13:294:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:283:17:283:24 | ... = ... | this | -| D.cs:300:17:300:20 | access to local variable prev | D.cs:296:16:296:26 | SSA def(prev) | D.cs:300:17:300:20 | access to local variable prev | Variable $@ may be null here because of $@ assignment. | D.cs:296:16:296:19 | prev | prev | D.cs:296:16:296:26 | Object prev = ... | this | -| D.cs:313:17:313:17 | access to local variable s | D.cs:304:16:304:23 | SSA def(s) | D.cs:313:17:313:17 | access to local variable s | Variable $@ may be null here because of $@ assignment. | D.cs:304:16:304:16 | s | s | D.cs:304:16:304:23 | String s = ... | this | -| D.cs:324:9:324:9 | access to local variable r | D.cs:316:16:316:23 | SSA def(r) | D.cs:324:9:324:9 | access to local variable r | Variable $@ may be null here because of $@ assignment. | D.cs:316:16:316:16 | r | r | D.cs:316:16:316:23 | Object r = ... | this | -| D.cs:356:13:356:13 | access to local variable a | D.cs:351:15:351:22 | SSA def(a) | D.cs:356:13:356:13 | access to local variable a | Variable $@ may be null here because of $@ assignment. | D.cs:351:15:351:15 | a | a | D.cs:351:15:351:22 | Int32[] a = ... | this | -| D.cs:363:13:363:16 | access to local variable last | D.cs:360:20:360:30 | SSA def(last) | D.cs:363:13:363:16 | access to local variable last | Variable $@ may be null here because of $@ assignment. | D.cs:360:20:360:23 | last | last | D.cs:360:20:360:30 | String last = ... | this | -| D.cs:372:13:372:13 | access to local variable b | D.cs:366:15:366:47 | SSA def(b) | D.cs:372:13:372:13 | access to local variable b | Variable $@ may be null here because of $@ assignment. | D.cs:366:15:366:15 | b | b | D.cs:366:15:366:47 | Int32[] b = ... | this | -| D.cs:395:20:395:20 | access to parameter a | D.cs:388:36:388:36 | SSA param(a) | D.cs:395:20:395:20 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | D.cs:388:36:388:36 | a | a | D.cs:390:20:390:28 | ... == ... | this | -| D.cs:400:20:400:20 | access to parameter b | D.cs:388:45:388:45 | SSA param(b) | D.cs:400:20:400:20 | access to parameter b | Variable $@ may be null here as suggested by $@ null check. | D.cs:388:45:388:45 | b | b | D.cs:397:20:397:28 | ... == ... | this | -| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:407:27:407:35 | ... == ... | this | -| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:407:55:407:63 | ... != ... | this | -| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:411:13:411:21 | ... != ... | this | -| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:407:14:407:22 | ... != ... | this | -| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:407:42:407:50 | ... == ... | this | -| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null here as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:409:13:409:21 | ... != ... | this | -| E.cs:12:38:12:39 | access to local variable a2 | E.cs:9:18:9:26 | SSA def(a2) | E.cs:12:38:12:39 | access to local variable a2 | Variable $@ may be null here because of $@ assignment. | E.cs:9:18:9:19 | a2 | a2 | E.cs:9:18:9:26 | Int64[][] a2 = ... | this | -| E.cs:14:13:14:14 | access to local variable a3 | E.cs:11:16:11:24 | SSA def(a3) | E.cs:14:13:14:14 | access to local variable a3 | Variable $@ may be null here because of $@ assignment. | E.cs:11:16:11:17 | a3 | a3 | E.cs:11:16:11:24 | Int64[] a3 = ... | this | -| E.cs:27:13:27:14 | access to local variable s1 | E.cs:23:13:23:30 | SSA def(s1) | E.cs:27:13:27:14 | access to local variable s1 | Variable $@ may be null here because of $@ assignment. | E.cs:19:13:19:14 | s1 | s1 | E.cs:23:13:23:30 | ... = ... | this | -| E.cs:61:13:61:17 | access to local variable slice | E.cs:51:22:51:33 | SSA def(slice) | E.cs:61:13:61:17 | access to local variable slice | Variable $@ may be null here because of $@ assignment. | E.cs:51:22:51:26 | slice | slice | E.cs:51:22:51:33 | List slice = ... | this | -| E.cs:73:13:73:15 | access to parameter arr | E.cs:66:40:66:42 | SSA param(arr) | E.cs:73:13:73:15 | access to parameter arr | Variable $@ may be null here as suggested by $@ null check. | E.cs:66:40:66:42 | arr | arr | E.cs:70:22:70:32 | ... == ... | this | -| E.cs:112:13:112:16 | access to local variable arr2 | E.cs:107:15:107:25 | SSA def(arr2) | E.cs:112:13:112:16 | access to local variable arr2 | Variable $@ may be null here because of $@ assignment. | E.cs:107:15:107:18 | arr2 | arr2 | E.cs:107:15:107:25 | Int32[] arr2 = ... | this | -| E.cs:125:33:125:35 | access to local variable obj | E.cs:137:25:137:34 | SSA def(obj) | E.cs:125:33:125:35 | access to local variable obj | Variable $@ may be null here because of $@ assignment. | E.cs:119:13:119:15 | obj | obj | E.cs:137:25:137:34 | ... = ... | this | -| E.cs:159:13:159:16 | access to local variable obj2 | E.cs:152:16:152:26 | SSA def(obj2) | E.cs:159:13:159:16 | access to local variable obj2 | Variable $@ may be null here as suggested by $@ null check. | E.cs:152:16:152:19 | obj2 | obj2 | E.cs:153:13:153:24 | ... != ... | this | -| E.cs:167:21:167:21 | access to parameter a | E.cs:162:28:162:28 | SSA param(a) | E.cs:167:21:167:21 | access to parameter a | Variable $@ may be null here as suggested by $@ null check. | E.cs:162:28:162:28 | a | a | E.cs:164:17:164:25 | ... == ... | this | -| E.cs:178:13:178:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:178:13:178:15 | access to parameter obj | Variable $@ may be null here as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:175:19:175:29 | ... == ... | this | -| E.cs:178:13:178:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:178:13:178:15 | access to parameter obj | Variable $@ may be null here as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:180:13:180:23 | ... == ... | this | -| E.cs:186:13:186:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:186:13:186:15 | access to parameter obj | Variable $@ may be null here as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:175:19:175:29 | ... == ... | this | -| E.cs:186:13:186:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:186:13:186:15 | access to parameter obj | Variable $@ may be null here as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:180:13:180:23 | ... == ... | this | -| E.cs:192:17:192:17 | access to parameter o | E.cs:190:29:190:29 | SSA param(o) | E.cs:192:17:192:17 | access to parameter o | Variable $@ may be null here as suggested by $@ null check. | E.cs:190:29:190:29 | o | o | E.cs:193:17:193:17 | access to parameter o | this | -| E.cs:201:13:201:13 | access to local variable o | E.cs:198:13:198:29 | [b (line 196): true] SSA def(o) | E.cs:201:13:201:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | E.cs:198:13:198:13 | o | o | E.cs:198:13:198:29 | String o = ... | this | -| E.cs:203:13:203:13 | access to local variable o | E.cs:198:13:198:29 | [b (line 196): false] SSA def(o) | E.cs:203:13:203:13 | access to local variable o | Variable $@ may be null here because of $@ assignment. | E.cs:198:13:198:13 | o | o | E.cs:198:13:198:29 | String o = ... | this | -| E.cs:218:9:218:9 | access to local variable x | E.cs:217:13:217:20 | [b (line 213): true] SSA def(x) | E.cs:218:9:218:9 | access to local variable x | Variable $@ may be null here because of $@ assignment. | E.cs:215:13:215:13 | x | x | E.cs:217:13:217:20 | ... = ... | this | -| E.cs:230:9:230:9 | access to local variable x | E.cs:227:13:227:20 | [b (line 223): true] SSA def(x) | E.cs:230:9:230:9 | access to local variable x | Variable $@ may be null here because of $@ assignment. | E.cs:225:13:225:13 | x | x | E.cs:227:13:227:20 | ... = ... | this | -| E.cs:235:16:235:16 | access to parameter i | E.cs:233:26:233:26 | SSA param(i) | E.cs:235:16:235:16 | access to parameter i | Variable $@ may be null here because it has a nullable type. | E.cs:233:26:233:26 | i | i | E.cs:233:26:233:26 | i | this | -| E.cs:240:21:240:21 | access to parameter i | E.cs:238:26:238:26 | SSA param(i) | E.cs:240:21:240:21 | access to parameter i | Variable $@ may be null here because it has a nullable type. | E.cs:238:26:238:26 | i | i | E.cs:238:26:238:26 | i | this | -| E.cs:285:9:285:9 | access to local variable o | E.cs:283:13:283:22 | [b (line 279): false] SSA def(o) | E.cs:285:9:285:9 | access to local variable o | Variable $@ may be null here as suggested by $@ null check. | E.cs:283:13:283:13 | o | o | E.cs:284:9:284:9 | access to local variable o | this | -| E.cs:285:9:285:9 | access to local variable o | E.cs:283:13:283:22 | [b (line 279): true] SSA def(o) | E.cs:285:9:285:9 | access to local variable o | Variable $@ may be null here as suggested by $@ null check. | E.cs:283:13:283:13 | o | o | E.cs:284:9:284:9 | access to local variable o | this | -| E.cs:302:9:302:9 | access to local variable s | E.cs:301:13:301:27 | SSA def(s) | E.cs:302:9:302:9 | access to local variable s | Variable $@ may be null here because of $@ assignment. | E.cs:301:13:301:13 | s | s | E.cs:301:13:301:27 | String s = ... | this | -| E.cs:343:9:343:9 | access to local variable x | E.cs:342:13:342:32 | SSA def(x) | E.cs:343:9:343:9 | access to local variable x | Variable $@ may be null here because of $@ assignment. | E.cs:342:13:342:13 | x | x | E.cs:342:13:342:32 | String x = ... | this | -| E.cs:349:9:349:9 | access to local variable x | E.cs:348:17:348:36 | SSA def(x) | E.cs:349:9:349:9 | access to local variable x | Variable $@ may be null here because of $@ assignment. | E.cs:348:17:348:17 | x | x | E.cs:348:17:348:36 | dynamic x = ... | this | -| E.cs:366:41:366:41 | access to parameter s | E.cs:366:28:366:28 | SSA param(s) | E.cs:366:41:366:41 | access to parameter s | Variable $@ may be null here because the parameter has a null default value. | E.cs:366:28:366:28 | s | s | E.cs:366:32:366:35 | null | this | -| E.cs:375:20:375:20 | access to local variable s | E.cs:374:17:374:31 | SSA def(s) | E.cs:375:20:375:20 | access to local variable s | Variable $@ may be null here because of $@ assignment. | E.cs:374:17:374:17 | s | s | E.cs:374:17:374:31 | String s = ... | this | -| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:382:14:382:23 | ... == ... | this | -| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:382:44:382:53 | ... != ... | this | -| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:384:13:384:22 | ... == ... | this | -| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:382:28:382:37 | ... != ... | this | -| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:382:58:382:67 | ... == ... | this | -| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null here as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:384:27:384:36 | ... == ... | this | -| E.cs:417:34:417:34 | access to parameter i | E.cs:417:24:417:40 | SSA capture def(i) | E.cs:417:34:417:34 | access to parameter i | Variable $@ may be null here because it has a nullable type. | E.cs:415:27:415:27 | i | i | E.cs:415:27:415:27 | i | this | -| GuardedString.cs:35:31:35:31 | access to local variable s | GuardedString.cs:7:16:7:32 | SSA def(s) | GuardedString.cs:35:31:35:31 | access to local variable s | Variable $@ may be null here because of $@ assignment. | GuardedString.cs:7:16:7:16 | s | s | GuardedString.cs:7:16:7:32 | String s = ... | this | -| NullMaybeBad.cs:7:27:7:27 | access to parameter o | NullMaybeBad.cs:13:17:13:20 | null | NullMaybeBad.cs:7:27:7:27 | access to parameter o | Variable $@ may be null here because of $@ null argument. | NullMaybeBad.cs:5:25:5:25 | o | o | NullMaybeBad.cs:13:17:13:20 | null | this | -| StringConcatenation.cs:16:17:16:17 | access to local variable s | StringConcatenation.cs:14:16:14:23 | SSA def(s) | StringConcatenation.cs:16:17:16:17 | access to local variable s | Variable $@ may be null here because of $@ assignment. | StringConcatenation.cs:14:16:14:16 | s | s | StringConcatenation.cs:14:16:14:23 | String s = ... | this | +| C.cs:64:9:64:10 | access to local variable o1 | C.cs:62:13:62:46 | SSA def(o1) | C.cs:64:9:64:10 | access to local variable o1 | Variable $@ may be null at this access because of $@ assignment. | C.cs:62:13:62:14 | o1 | o1 | C.cs:62:13:62:46 | Object o1 = ... | this | +| C.cs:68:9:68:10 | access to local variable o2 | C.cs:66:13:66:46 | SSA def(o2) | C.cs:68:9:68:10 | access to local variable o2 | Variable $@ may be null at this access because of $@ assignment. | C.cs:66:13:66:14 | o2 | o2 | C.cs:66:13:66:46 | Object o2 = ... | this | +| C.cs:95:15:95:15 | access to local variable o | C.cs:94:13:94:45 | SSA def(o) | C.cs:95:15:95:15 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | C.cs:94:13:94:13 | o | o | C.cs:94:13:94:45 | Object o = ... | this | +| C.cs:103:27:103:30 | access to parameter list | C.cs:102:13:102:23 | SSA def(list) | C.cs:103:27:103:30 | access to parameter list | Variable $@ may be null at this access because of $@ assignment. | C.cs:99:42:99:45 | list | list | C.cs:102:13:102:23 | ... = ... | this | +| C.cs:177:13:177:13 | access to local variable s | C.cs:178:13:178:20 | SSA def(s) | C.cs:177:13:177:13 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | C.cs:151:13:151:13 | s | s | C.cs:178:13:178:20 | ... = ... | this | +| C.cs:203:13:203:13 | access to local variable s | C.cs:204:13:204:20 | SSA def(s) | C.cs:203:13:203:13 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | C.cs:185:13:185:13 | s | s | C.cs:204:13:204:20 | ... = ... | this | +| C.cs:223:9:223:9 | access to local variable s | C.cs:222:13:222:20 | SSA def(s) | C.cs:223:9:223:9 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | C.cs:210:13:210:13 | s | s | C.cs:222:13:222:20 | ... = ... | this | +| C.cs:242:13:242:13 | access to local variable s | C.cs:240:24:240:31 | SSA def(s) | C.cs:242:13:242:13 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | C.cs:228:16:228:16 | s | s | C.cs:240:24:240:31 | ... = ... | this | +| D.cs:23:9:23:13 | access to parameter param | D.cs:17:17:17:20 | null | D.cs:23:9:23:13 | access to parameter param | Variable $@ may be null at this access because of $@ null argument. | D.cs:21:32:21:36 | param | param | D.cs:17:17:17:20 | null | this | +| D.cs:32:9:32:13 | access to parameter param | D.cs:26:32:26:36 | SSA param(param) | D.cs:32:9:32:13 | access to parameter param | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:26:32:26:36 | param | param | D.cs:28:13:28:25 | ... != ... | this | +| D.cs:62:13:62:14 | access to local variable o5 | D.cs:58:13:58:41 | SSA def(o5) | D.cs:62:13:62:14 | access to local variable o5 | Variable $@ may be null at this access because of $@ assignment. | D.cs:58:13:58:14 | o5 | o5 | D.cs:58:13:58:41 | String o5 = ... | this | +| D.cs:73:13:73:14 | access to local variable o7 | D.cs:68:13:68:34 | SSA def(o7) | D.cs:73:13:73:14 | access to local variable o7 | Variable $@ may be null at this access because of $@ assignment. | D.cs:68:13:68:14 | o7 | o7 | D.cs:68:13:68:34 | String o7 = ... | this | +| D.cs:82:13:82:14 | access to local variable o8 | D.cs:75:13:75:34 | SSA def(o8) | D.cs:82:13:82:14 | access to local variable o8 | Variable $@ may be null at this access because of $@ assignment. | D.cs:75:13:75:14 | o8 | o8 | D.cs:75:13:75:34 | String o8 = ... | this | +| D.cs:84:13:84:14 | access to local variable o8 | D.cs:75:13:75:34 | SSA def(o8) | D.cs:84:13:84:14 | access to local variable o8 | Variable $@ may be null at this access because of $@ assignment. | D.cs:75:13:75:14 | o8 | o8 | D.cs:75:13:75:34 | String o8 = ... | this | +| D.cs:91:13:91:14 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:91:13:91:14 | access to local variable xs | Variable $@ may be null at this access because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | +| D.cs:94:21:94:22 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:94:21:94:22 | access to local variable xs | Variable $@ may be null at this access because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | +| D.cs:98:21:98:22 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:98:21:98:22 | access to local variable xs | Variable $@ may be null at this access because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | +| D.cs:102:31:102:32 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:102:31:102:32 | access to local variable xs | Variable $@ may be null at this access because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | +| D.cs:105:19:105:20 | access to local variable xs | D.cs:89:15:89:44 | SSA def(xs) | D.cs:105:19:105:20 | access to local variable xs | Variable $@ may be null at this access because of $@ assignment. | D.cs:89:15:89:16 | xs | xs | D.cs:89:15:89:44 | Int32[] xs = ... | this | +| D.cs:134:24:134:24 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:134:24:134:24 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:127:20:127:28 | ... == ... | this | +| D.cs:134:24:134:24 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:134:24:134:24 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:139:13:139:21 | ... != ... | this | +| D.cs:135:24:135:24 | access to parameter b | D.cs:125:44:125:44 | SSA param(b) | D.cs:135:24:135:24 | access to parameter b | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:125:44:125:44 | b | b | D.cs:128:20:128:28 | ... == ... | this | +| D.cs:145:20:145:20 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:145:20:145:20 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:127:20:127:28 | ... == ... | this | +| D.cs:145:20:145:20 | access to parameter a | D.cs:125:35:125:35 | SSA param(a) | D.cs:145:20:145:20 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:125:35:125:35 | a | a | D.cs:139:13:139:21 | ... != ... | this | +| D.cs:151:9:151:11 | access to parameter obj | D.cs:149:36:149:38 | SSA param(obj) | D.cs:151:9:151:11 | access to parameter obj | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:149:36:149:38 | obj | obj | D.cs:152:17:152:27 | ... != ... | this | +| D.cs:171:9:171:11 | access to local variable obj | D.cs:163:16:163:25 | SSA def(obj) | D.cs:171:9:171:11 | access to local variable obj | Variable $@ may be null at this access because of $@ assignment. | D.cs:163:16:163:18 | obj | obj | D.cs:163:16:163:25 | Object obj = ... | this | +| D.cs:245:13:245:13 | access to local variable o | D.cs:240:9:240:16 | SSA def(o) | D.cs:245:13:245:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:228:16:228:16 | o | o | D.cs:240:9:240:16 | ... = ... | this | +| D.cs:247:13:247:13 | access to local variable o | D.cs:240:9:240:16 | SSA def(o) | D.cs:247:13:247:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:228:16:228:16 | o | o | D.cs:240:9:240:16 | ... = ... | this | +| D.cs:253:13:253:14 | access to local variable o2 | D.cs:249:13:249:38 | SSA def(o2) | D.cs:253:13:253:14 | access to local variable o2 | Variable $@ may be null at this access because of $@ assignment. | D.cs:249:13:249:14 | o2 | o2 | D.cs:249:13:249:38 | String o2 = ... | this | +| D.cs:267:13:267:13 | access to local variable o | D.cs:258:16:258:23 | SSA def(o) | D.cs:267:13:267:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:258:16:258:23 | Object o = ... | this | +| D.cs:291:13:291:13 | access to local variable o | D.cs:269:9:269:16 | SSA def(o) | D.cs:291:13:291:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:269:9:269:16 | ... = ... | this | +| D.cs:291:13:291:13 | access to local variable o | D.cs:283:17:283:24 | SSA def(o) | D.cs:291:13:291:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:283:17:283:24 | ... = ... | this | +| D.cs:294:13:294:13 | access to local variable o | D.cs:269:9:269:16 | SSA def(o) | D.cs:294:13:294:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:269:9:269:16 | ... = ... | this | +| D.cs:294:13:294:13 | access to local variable o | D.cs:283:17:283:24 | SSA def(o) | D.cs:294:13:294:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | D.cs:258:16:258:16 | o | o | D.cs:283:17:283:24 | ... = ... | this | +| D.cs:300:17:300:20 | access to local variable prev | D.cs:296:16:296:26 | SSA def(prev) | D.cs:300:17:300:20 | access to local variable prev | Variable $@ may be null at this access because of $@ assignment. | D.cs:296:16:296:19 | prev | prev | D.cs:296:16:296:26 | Object prev = ... | this | +| D.cs:313:17:313:17 | access to local variable s | D.cs:304:16:304:23 | SSA def(s) | D.cs:313:17:313:17 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | D.cs:304:16:304:16 | s | s | D.cs:304:16:304:23 | String s = ... | this | +| D.cs:324:9:324:9 | access to local variable r | D.cs:316:16:316:23 | SSA def(r) | D.cs:324:9:324:9 | access to local variable r | Variable $@ may be null at this access because of $@ assignment. | D.cs:316:16:316:16 | r | r | D.cs:316:16:316:23 | Object r = ... | this | +| D.cs:356:13:356:13 | access to local variable a | D.cs:351:15:351:22 | SSA def(a) | D.cs:356:13:356:13 | access to local variable a | Variable $@ may be null at this access because of $@ assignment. | D.cs:351:15:351:15 | a | a | D.cs:351:15:351:22 | Int32[] a = ... | this | +| D.cs:363:13:363:16 | access to local variable last | D.cs:360:20:360:30 | SSA def(last) | D.cs:363:13:363:16 | access to local variable last | Variable $@ may be null at this access because of $@ assignment. | D.cs:360:20:360:23 | last | last | D.cs:360:20:360:30 | String last = ... | this | +| D.cs:372:13:372:13 | access to local variable b | D.cs:366:15:366:47 | SSA def(b) | D.cs:372:13:372:13 | access to local variable b | Variable $@ may be null at this access because of $@ assignment. | D.cs:366:15:366:15 | b | b | D.cs:366:15:366:47 | Int32[] b = ... | this | +| D.cs:395:20:395:20 | access to parameter a | D.cs:388:36:388:36 | SSA param(a) | D.cs:395:20:395:20 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:388:36:388:36 | a | a | D.cs:390:20:390:28 | ... == ... | this | +| D.cs:400:20:400:20 | access to parameter b | D.cs:388:45:388:45 | SSA param(b) | D.cs:400:20:400:20 | access to parameter b | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:388:45:388:45 | b | b | D.cs:397:20:397:28 | ... == ... | this | +| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:407:27:407:35 | ... == ... | this | +| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:407:55:407:63 | ... != ... | this | +| D.cs:410:13:410:13 | access to parameter y | D.cs:405:45:405:45 | SSA param(y) | D.cs:410:13:410:13 | access to parameter y | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:45:405:45 | y | y | D.cs:411:13:411:21 | ... != ... | this | +| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:407:14:407:22 | ... != ... | this | +| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:407:42:407:50 | ... == ... | this | +| D.cs:412:13:412:13 | access to parameter x | D.cs:405:35:405:35 | SSA param(x) | D.cs:412:13:412:13 | access to parameter x | Variable $@ may be null at this access as suggested by $@ null check. | D.cs:405:35:405:35 | x | x | D.cs:409:13:409:21 | ... != ... | this | +| E.cs:12:38:12:39 | access to local variable a2 | E.cs:9:18:9:26 | SSA def(a2) | E.cs:12:38:12:39 | access to local variable a2 | Variable $@ may be null at this access because of $@ assignment. | E.cs:9:18:9:19 | a2 | a2 | E.cs:9:18:9:26 | Int64[][] a2 = ... | this | +| E.cs:14:13:14:14 | access to local variable a3 | E.cs:11:16:11:24 | SSA def(a3) | E.cs:14:13:14:14 | access to local variable a3 | Variable $@ may be null at this access because of $@ assignment. | E.cs:11:16:11:17 | a3 | a3 | E.cs:11:16:11:24 | Int64[] a3 = ... | this | +| E.cs:27:13:27:14 | access to local variable s1 | E.cs:23:13:23:30 | SSA def(s1) | E.cs:27:13:27:14 | access to local variable s1 | Variable $@ may be null at this access because of $@ assignment. | E.cs:19:13:19:14 | s1 | s1 | E.cs:23:13:23:30 | ... = ... | this | +| E.cs:61:13:61:17 | access to local variable slice | E.cs:51:22:51:33 | SSA def(slice) | E.cs:61:13:61:17 | access to local variable slice | Variable $@ may be null at this access because of $@ assignment. | E.cs:51:22:51:26 | slice | slice | E.cs:51:22:51:33 | List slice = ... | this | +| E.cs:73:13:73:15 | access to parameter arr | E.cs:66:40:66:42 | SSA param(arr) | E.cs:73:13:73:15 | access to parameter arr | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:66:40:66:42 | arr | arr | E.cs:70:22:70:32 | ... == ... | this | +| E.cs:112:13:112:16 | access to local variable arr2 | E.cs:107:15:107:25 | SSA def(arr2) | E.cs:112:13:112:16 | access to local variable arr2 | Variable $@ may be null at this access because of $@ assignment. | E.cs:107:15:107:18 | arr2 | arr2 | E.cs:107:15:107:25 | Int32[] arr2 = ... | this | +| E.cs:125:33:125:35 | access to local variable obj | E.cs:137:25:137:34 | SSA def(obj) | E.cs:125:33:125:35 | access to local variable obj | Variable $@ may be null at this access because of $@ assignment. | E.cs:119:13:119:15 | obj | obj | E.cs:137:25:137:34 | ... = ... | this | +| E.cs:159:13:159:16 | access to local variable obj2 | E.cs:152:16:152:26 | SSA def(obj2) | E.cs:159:13:159:16 | access to local variable obj2 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:152:16:152:19 | obj2 | obj2 | E.cs:153:13:153:24 | ... != ... | this | +| E.cs:167:21:167:21 | access to parameter a | E.cs:162:28:162:28 | SSA param(a) | E.cs:167:21:167:21 | access to parameter a | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:162:28:162:28 | a | a | E.cs:164:17:164:25 | ... == ... | this | +| E.cs:178:13:178:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:178:13:178:15 | access to parameter obj | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:175:19:175:29 | ... == ... | this | +| E.cs:178:13:178:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:178:13:178:15 | access to parameter obj | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:180:13:180:23 | ... == ... | this | +| E.cs:186:13:186:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:186:13:186:15 | access to parameter obj | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:175:19:175:29 | ... == ... | this | +| E.cs:186:13:186:15 | access to parameter obj | E.cs:173:29:173:31 | SSA param(obj) | E.cs:186:13:186:15 | access to parameter obj | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:173:29:173:31 | obj | obj | E.cs:180:13:180:23 | ... == ... | this | +| E.cs:192:17:192:17 | access to parameter o | E.cs:190:29:190:29 | SSA param(o) | E.cs:192:17:192:17 | access to parameter o | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:190:29:190:29 | o | o | E.cs:193:17:193:17 | access to parameter o | this | +| E.cs:201:13:201:13 | access to local variable o | E.cs:198:13:198:29 | [b (line 196): true] SSA def(o) | E.cs:201:13:201:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | E.cs:198:13:198:13 | o | o | E.cs:198:13:198:29 | String o = ... | this | +| E.cs:203:13:203:13 | access to local variable o | E.cs:198:13:198:29 | [b (line 196): false] SSA def(o) | E.cs:203:13:203:13 | access to local variable o | Variable $@ may be null at this access because of $@ assignment. | E.cs:198:13:198:13 | o | o | E.cs:198:13:198:29 | String o = ... | this | +| E.cs:218:9:218:9 | access to local variable x | E.cs:217:13:217:20 | [b (line 213): true] SSA def(x) | E.cs:218:9:218:9 | access to local variable x | Variable $@ may be null at this access because of $@ assignment. | E.cs:215:13:215:13 | x | x | E.cs:217:13:217:20 | ... = ... | this | +| E.cs:230:9:230:9 | access to local variable x | E.cs:227:13:227:20 | [b (line 223): true] SSA def(x) | E.cs:230:9:230:9 | access to local variable x | Variable $@ may be null at this access because of $@ assignment. | E.cs:225:13:225:13 | x | x | E.cs:227:13:227:20 | ... = ... | this | +| E.cs:235:16:235:16 | access to parameter i | E.cs:233:26:233:26 | SSA param(i) | E.cs:235:16:235:16 | access to parameter i | Variable $@ may be null at this access because it has a nullable type. | E.cs:233:26:233:26 | i | i | E.cs:233:26:233:26 | i | this | +| E.cs:240:21:240:21 | access to parameter i | E.cs:238:26:238:26 | SSA param(i) | E.cs:240:21:240:21 | access to parameter i | Variable $@ may be null at this access because it has a nullable type. | E.cs:238:26:238:26 | i | i | E.cs:238:26:238:26 | i | this | +| E.cs:285:9:285:9 | access to local variable o | E.cs:283:13:283:22 | [b (line 279): false] SSA def(o) | E.cs:285:9:285:9 | access to local variable o | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:283:13:283:13 | o | o | E.cs:284:9:284:9 | access to local variable o | this | +| E.cs:285:9:285:9 | access to local variable o | E.cs:283:13:283:22 | [b (line 279): true] SSA def(o) | E.cs:285:9:285:9 | access to local variable o | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:283:13:283:13 | o | o | E.cs:284:9:284:9 | access to local variable o | this | +| E.cs:302:9:302:9 | access to local variable s | E.cs:301:13:301:27 | SSA def(s) | E.cs:302:9:302:9 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | E.cs:301:13:301:13 | s | s | E.cs:301:13:301:27 | String s = ... | this | +| E.cs:343:9:343:9 | access to local variable x | E.cs:342:13:342:32 | SSA def(x) | E.cs:343:9:343:9 | access to local variable x | Variable $@ may be null at this access because of $@ assignment. | E.cs:342:13:342:13 | x | x | E.cs:342:13:342:32 | String x = ... | this | +| E.cs:349:9:349:9 | access to local variable x | E.cs:348:17:348:36 | SSA def(x) | E.cs:349:9:349:9 | access to local variable x | Variable $@ may be null at this access because of $@ assignment. | E.cs:348:17:348:17 | x | x | E.cs:348:17:348:36 | dynamic x = ... | this | +| E.cs:366:41:366:41 | access to parameter s | E.cs:366:28:366:28 | SSA param(s) | E.cs:366:41:366:41 | access to parameter s | Variable $@ may be null at this access because the parameter has a null default value. | E.cs:366:28:366:28 | s | s | E.cs:366:32:366:35 | null | this | +| E.cs:375:20:375:20 | access to local variable s | E.cs:374:17:374:31 | SSA def(s) | E.cs:375:20:375:20 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | E.cs:374:17:374:17 | s | s | E.cs:374:17:374:31 | String s = ... | this | +| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:382:14:382:23 | ... == ... | this | +| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:382:44:382:53 | ... != ... | this | +| E.cs:386:16:386:17 | access to parameter e1 | E.cs:380:24:380:25 | SSA param(e1) | E.cs:386:16:386:17 | access to parameter e1 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:24:380:25 | e1 | e1 | E.cs:384:13:384:22 | ... == ... | this | +| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:382:28:382:37 | ... != ... | this | +| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:382:58:382:67 | ... == ... | this | +| E.cs:386:27:386:28 | access to parameter e2 | E.cs:380:30:380:31 | SSA param(e2) | E.cs:386:27:386:28 | access to parameter e2 | Variable $@ may be null at this access as suggested by $@ null check. | E.cs:380:30:380:31 | e2 | e2 | E.cs:384:27:384:36 | ... == ... | this | +| E.cs:417:34:417:34 | access to parameter i | E.cs:417:24:417:40 | SSA capture def(i) | E.cs:417:34:417:34 | access to parameter i | Variable $@ may be null at this access because it has a nullable type. | E.cs:415:27:415:27 | i | i | E.cs:415:27:415:27 | i | this | +| GuardedString.cs:35:31:35:31 | access to local variable s | GuardedString.cs:7:16:7:32 | SSA def(s) | GuardedString.cs:35:31:35:31 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | GuardedString.cs:7:16:7:16 | s | s | GuardedString.cs:7:16:7:32 | String s = ... | this | +| NullMaybeBad.cs:7:27:7:27 | access to parameter o | NullMaybeBad.cs:13:17:13:20 | null | NullMaybeBad.cs:7:27:7:27 | access to parameter o | Variable $@ may be null at this access because of $@ null argument. | NullMaybeBad.cs:5:25:5:25 | o | o | NullMaybeBad.cs:13:17:13:20 | null | this | +| StringConcatenation.cs:16:17:16:17 | access to local variable s | StringConcatenation.cs:14:16:14:23 | SSA def(s) | StringConcatenation.cs:16:17:16:17 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | StringConcatenation.cs:14:16:14:16 | s | s | StringConcatenation.cs:14:16:14:23 | String s = ... | this | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected index 59f27496610..77e55c484e7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected @@ -26,10 +26,10 @@ nodes | TaintedPath.cs:51:26:51:29 | access to local variable path | semmle.label | access to local variable path | subpaths #select -| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | -| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:10:23:10:45 | access to property QueryString | User-provided value | +| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | +| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected index 06d2429450c..336342b9747 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected @@ -44,12 +44,12 @@ nodes | CommandInjection.cs:35:27:35:40 | access to local variable startInfoProps | semmle.label | access to local variable startInfoProps | subpaths #select -| CommandInjection.cs:26:27:26:47 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:26:27:26:47 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:26:50:26:66 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:26:50:26:66 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:28:63:28:71 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:63:28:71 | access to local variable userInput | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:28:74:28:82 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:74:28:82 | access to local variable userInput | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:29:27:29:35 | access to local variable startInfo | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:29:27:29:35 | access to local variable startInfo | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:32:39:32:47 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:32:39:32:47 | access to local variable userInput | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:33:40:33:48 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:33:40:33:48 | access to local variable userInput | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:34:47:34:55 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:47:34:55 | access to local variable userInput | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | -| CommandInjection.cs:35:27:35:40 | access to local variable startInfoProps | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:27:35:40 | access to local variable startInfoProps | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value | +| CommandInjection.cs:26:27:26:47 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:26:27:26:47 | ... + ... | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:26:50:26:66 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:26:50:26:66 | ... + ... | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:28:63:28:71 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:63:28:71 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:28:74:28:82 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:74:28:82 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:29:27:29:35 | access to local variable startInfo | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:29:27:29:35 | access to local variable startInfo | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:32:39:32:47 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:32:39:32:47 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:33:40:33:48 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:33:40:33:48 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:34:47:34:55 | access to local variable userInput | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:47:34:55 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | +| CommandInjection.cs:35:27:35:40 | access to local variable startInfoProps | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:27:35:40 | access to local variable startInfoProps | This command line depends on a $@. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected index 2ea6dd3ad07..0c166565a83 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected @@ -5,4 +5,4 @@ nodes | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | semmle.label | call to method GetString : String | subpaths #select -| StoredCommandInjection.cs:22:46:22:80 | ... + ... | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | StoredCommandInjection.cs:22:46:22:80 | ... + ... | $@ flows to here and is used in a command. | StoredCommandInjection.cs:22:54:22:80 | call to method GetString | Stored user-provided value | +| StoredCommandInjection.cs:22:46:22:80 | ... + ... | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | StoredCommandInjection.cs:22:46:22:80 | ... + ... | This command line depends on a $@. | StoredCommandInjection.cs:22:54:22:80 | call to method GetString | stored (potentially user-provided) value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected index 4f3aaa0356e..bafe7257095 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected @@ -5,4 +5,4 @@ nodes | StoredXSS.cs:24:60:24:86 | call to method GetString : String | semmle.label | call to method GetString : String | subpaths #select -| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:24:60:24:86 | call to method GetString | Stored user-provided value | +| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:24:60:24:86 | call to method GetString | stored (potentially user-provided) value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected index b283c6b7f70..e6048fc656e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected @@ -35,6 +35,6 @@ nodes | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql | subpaths #select -| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString | Stored user-provided value | -| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream | Stored user-provided value | -| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | $@ flows to here and is used in an SQL query. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream | Stored user-provided value | +| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This SQL query depends on a $@. | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString | stored user-provided value | +| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This SQL query depends on a $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream | stored user-provided value | +| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This SQL query depends on a $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream | stored user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected index f42ab5fb795..888573d86b6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected @@ -84,22 +84,22 @@ nodes | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql | subpaths #select -| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input | -| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input | -| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input | -| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text | -| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | Query might include code from $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text | -| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | Query might include code from $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text | -| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text | -| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input | -| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input | -| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input | -| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input | -| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | Query might include code from $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input | -| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | Query might include code from $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input | +| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input | +| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input | +| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text | +| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text | +| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text | +| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text | +| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input | +| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected index b0fd2471366..0699a17d531 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected @@ -23,9 +23,9 @@ nodes | LDAPInjection.cs:29:20:29:42 | ... + ... | semmle.label | ... + ... | subpaths #select -| LDAPInjection.cs:14:54:14:78 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:14:54:14:78 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| LDAPInjection.cs:16:21:16:45 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:16:21:16:45 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| LDAPInjection.cs:23:21:23:45 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:23:21:23:45 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| LDAPInjection.cs:24:53:24:77 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:53:24:77 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| LDAPInjection.cs:27:48:27:70 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:27:48:27:70 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| LDAPInjection.cs:29:20:29:42 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:29:20:29:42 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | +| LDAPInjection.cs:14:54:14:78 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:14:54:14:78 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| LDAPInjection.cs:16:21:16:45 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:16:21:16:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| LDAPInjection.cs:23:21:23:45 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:23:21:23:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| LDAPInjection.cs:24:53:24:77 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:53:24:77 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| LDAPInjection.cs:27:48:27:70 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:27:48:27:70 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| LDAPInjection.cs:29:20:29:42 | ... + ... | LDAPInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:29:20:29:42 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected index 0d51f35df60..34e5ef3dc99 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected @@ -5,4 +5,4 @@ nodes | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | semmle.label | call to method GetString : String | subpaths #select -| StoredLDAPInjection.cs:22:66:22:109 | ... + ... | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | StoredLDAPInjection.cs:22:66:22:109 | ... + ... | $@ flows to here and is used in an LDAP query. | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString | Stored user-provided value | +| StoredLDAPInjection.cs:22:66:22:109 | ... + ... | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | StoredLDAPInjection.cs:22:66:22:109 | ... + ... | This LDAP query depends on a $@. | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString | stored (potentially user-provided) value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected index e3faaba88be..63b1d336449 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected @@ -8,4 +8,4 @@ nodes | Test.cs:15:25:15:80 | ... + ... | semmle.label | ... + ... | subpaths #select -| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | $@ flows to here and is inserted as XML. | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | User-provided value | +| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | This XML element depends on a $@. | Test.cs:8:27:8:49 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected index 97cbabb543d..006ca27fdd7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected @@ -12,6 +12,6 @@ nodes | CodeInjection.cs:56:36:56:44 | access to property Text | semmle.label | access to property Text | subpaths #select -| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | $@ flows to here and is compiled as code. | CodeInjection.cs:23:23:23:45 | access to property QueryString | User-provided value | -| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | $@ flows to here and is compiled as code. | CodeInjection.cs:23:23:23:45 | access to property QueryString | User-provided value | -| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | $@ flows to here and is compiled as code. | CodeInjection.cs:56:36:56:44 | access to property Text | User-provided value | +| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value | +| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value | +| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | This code compilation depends on a $@. | CodeInjection.cs:56:36:56:44 | access to property Text | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected index 8cd9b0955df..75ef7285557 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected @@ -11,5 +11,5 @@ nodes | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | semmle.label | access to local variable connectionString | subpaths #select -| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | $@ flows to here and is used in a resource descriptor. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | User-provided value | -| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | $@ flows to here and is used in a resource descriptor. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | User-provided value | +| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value | +| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected index a8d1ebb8202..869daaa60cb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected @@ -30,8 +30,8 @@ nodes | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String | subpaths #select -| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | User-provided value | -| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | User-provided value | -| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | User-provided value | -| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | User-provided value | -| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | User-provided value | +| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value | +| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value | +| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value | +| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value | +| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected index 8c25b53570c..2f3c3bbb4a6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected @@ -1 +1 @@ -| Test.cs:10:36:10:46 | access to local variable libraryName | $@ flows to here and is used as the path to dynamically load an assembly. | Test.cs:7:26:7:48 | access to property QueryString | User-provided value | +| Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index 6dca2870db3..cfae0ac589e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -14,6 +14,6 @@ nodes | LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... | subpaths #select -| LogForging.cs:20:21:20:43 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:20:21:20:43 | ... + ... | $@ flows to log entry. | LogForging.cs:17:27:17:49 | access to property QueryString | User-provided value | -| LogForging.cs:26:50:26:72 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:26:50:26:72 | ... + ... | $@ flows to log entry. | LogForging.cs:17:27:17:49 | access to property QueryString | User-provided value | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | $@ flows to log entry. | LogForgingAsp.cs:8:32:8:39 | username | User-provided value | +| LogForging.cs:20:21:20:43 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:20:21:20:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:17:27:17:49 | access to property QueryString | user-provided value | +| LogForging.cs:26:50:26:72 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:26:50:26:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:17:27:17:49 | access to property QueryString | user-provided value | +| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected index 2aa7b13890b..5945b83d635 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected @@ -21,8 +21,8 @@ nodes | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format | subpaths #select -| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | $@ flows to here and is used as a format string. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | call to method ReadLine | -| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | access to property QueryString | -| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | access to property QueryString | -| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | access to property Text | -| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | $@ flows to here and is used as a format string. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | access to property QueryString | +| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | This format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal | +| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string | +| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string | +| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | This format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text | +| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | This format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected index 6862c7c3dc4..9399dd0a6eb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected @@ -18,12 +18,12 @@ nodes | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | semmle.label | access to local variable p | subpaths #select -| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | access to local variable password | -| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | call to method ToString | -| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | access to property Message | -| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | call to method ToString | -| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | access to property Data : IDictionary | -| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | call to method GetField : String | -| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | call to method GetField : String | -| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | call to method GetField : String | -| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | call to method GetField : String | +| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | sensitive information | +| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | sensitive information | +| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | sensitive information | +| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | sensitive information | +| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | sensitive information | +| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information | +| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information | +| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information | +| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected index 3ad51c3a585..3e273ef83b8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected @@ -21,10 +21,10 @@ nodes | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | semmle.label | call to method ToString | subpaths #select -| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | access to local variable ex : Exception | -| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | access to local variable ex | -| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | access to local variable ex : Exception | -| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | access to property InnerException : Exception | -| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | access to local variable ex : Exception | -| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | access to local variable ex : Exception | -| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | object creation of type MyException : MyException | +| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | exception information | +| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | exception information | +| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | exception information | +| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | exception information | +| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | exception information | +| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | exception information | +| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | exception information | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.expected b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.expected index e4a9695a3f0..d8a6cbf5534 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.expected @@ -10,11 +10,11 @@ nodes | CleartextStorage.cs:74:21:74:29 | access to property Text | semmle.label | access to property Text | subpaths #select -| CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:13:50:13:59 | access to field accountKey | access to field accountKey | -| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | call to method GetPassword | -| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | call to method GetPassword | -| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | call to method GetAccountID | -| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | call to method GetPassword | -| CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:72:21:72:33 | access to property Text | access to property Text | -| CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:73:21:73:29 | access to property Text | access to property Text | -| CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:74:21:74:29 | access to property Text | access to property Text | +| CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:13:50:13:59 | access to field accountKey | access to field accountKey | +| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | call to method GetPassword | +| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | call to method GetPassword | +| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | call to method GetAccountID | +| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | call to method GetPassword | +| CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:72:21:72:33 | access to property Text | access to property Text | +| CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:73:21:73:29 | access to property Text | access to property Text | +| CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:74:21:74:29 | access to property Text | access to property Text | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected index 676148bd7ed..7c3a2a7339c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected @@ -1,7 +1,7 @@ -| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | Hard-coded symmetric $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | Hard-coded symmetric $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | Hard-coded symmetric $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | Hard-coded symmetric $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | Hard-coded symmetric $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | Hard-coded symmetric $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | key | -| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | Hard-coded symmetric $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | key | +| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key | +| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.expected b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.expected index f4a30f5b52c..9f20b582a86 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.expected @@ -11,6 +11,6 @@ nodes | Test.cs:73:13:73:17 | access to local variable store | semmle.label | access to local variable store | subpaths #select -| Test.cs:18:13:18:17 | access to local variable store | Test.cs:15:31:15:59 | object creation of type X509Store : X509Store | Test.cs:18:13:18:17 | access to local variable store | Certificate added to the root certificate store. | -| Test.cs:28:13:28:17 | access to local variable store | Test.cs:25:31:25:86 | object creation of type X509Store : X509Store | Test.cs:28:13:28:17 | access to local variable store | Certificate added to the root certificate store. | -| Test.cs:73:13:73:17 | access to local variable store | Test.cs:70:31:70:86 | object creation of type X509Store : X509Store | Test.cs:73:13:73:17 | access to local variable store | Certificate added to the root certificate store. | +| Test.cs:18:13:18:17 | access to local variable store | Test.cs:15:31:15:59 | object creation of type X509Store : X509Store | Test.cs:18:13:18:17 | access to local variable store | This certificate is added to the root certificate store. | +| Test.cs:28:13:28:17 | access to local variable store | Test.cs:25:31:25:86 | object creation of type X509Store : X509Store | Test.cs:28:13:28:17 | access to local variable store | This certificate is added to the root certificate store. | +| Test.cs:73:13:73:17 | access to local variable store | Test.cs:70:31:70:86 | object creation of type X509Store : X509Store | Test.cs:73:13:73:17 | access to local variable store | This certificate is added to the root certificate store. | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.expected b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.expected index c989ceb4c73..14d9e9213c6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.expected @@ -9,6 +9,6 @@ nodes | InsecureSQLConnection.cs:55:81:55:93 | access to local variable connectString | semmle.label | access to local variable connectString | subpaths #select -| InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | $@ flows to here and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | Connection string | -| InsecureSQLConnection.cs:46:81:46:93 | access to local variable connectString | InsecureSQLConnection.cs:44:17:44:64 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd" : String | InsecureSQLConnection.cs:46:81:46:93 | access to local variable connectString | $@ flows to here and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:44:17:44:64 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd" | Connection string | -| InsecureSQLConnection.cs:55:81:55:93 | access to local variable connectString | InsecureSQLConnection.cs:53:17:53:78 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false" : String | InsecureSQLConnection.cs:55:81:55:93 | access to local variable connectString | $@ flows to here and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:53:17:53:78 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false" | Connection string | +| InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | $@ flows to this SQL connection and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:38:52:38:128 | "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;" | Connection string | +| InsecureSQLConnection.cs:46:81:46:93 | access to local variable connectString | InsecureSQLConnection.cs:44:17:44:64 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd" : String | InsecureSQLConnection.cs:46:81:46:93 | access to local variable connectString | $@ flows to this SQL connection and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:44:17:44:64 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd" | Connection string | +| InsecureSQLConnection.cs:55:81:55:93 | access to local variable connectString | InsecureSQLConnection.cs:53:17:53:78 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false" : String | InsecureSQLConnection.cs:55:81:55:93 | access to local variable connectString | $@ flows to this SQL connection and does not specify `Encrypt=True`. | InsecureSQLConnection.cs:53:17:53:78 | "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false" | Connection string | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected index 4bab46b6292..07cdf34f0c9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected @@ -32,7 +32,7 @@ nodes | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | semmle.label | call to method GeneratePassword | subpaths #select -| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next | -| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next | -| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next | -| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword | +| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next | +| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next | +| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next | +| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.expected b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.expected index 026fc775cff..fb6df84da98 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.expected @@ -1,3 +1,3 @@ -| AbandonSession.cs:11:13:11:23 | access to property Session | This session has not been invalidated following the call to '$@'. | AbandonSession.cs:9:13:9:68 | call to method Authenticate | Authenticate | -| AbandonSession.cs:51:13:51:23 | access to property Session | This session has not been invalidated following the call to '$@'. | AbandonSession.cs:49:13:49:59 | call to method ValidateUser | ValidateUser | -| AbandonSession.cs:53:9:53:19 | access to property Session | This session has not been invalidated following the call to '$@'. | AbandonSession.cs:49:13:49:59 | call to method ValidateUser | ValidateUser | +| AbandonSession.cs:11:13:11:23 | access to property Session | This session has not been invalidated following the call to $@. | AbandonSession.cs:9:13:9:68 | call to method Authenticate | Authenticate | +| AbandonSession.cs:51:13:51:23 | access to property Session | This session has not been invalidated following the call to $@. | AbandonSession.cs:49:13:49:59 | call to method ValidateUser | ValidateUser | +| AbandonSession.cs:53:9:53:19 | access to property Session | This session has not been invalidated following the call to $@. | AbandonSession.cs:49:13:49:59 | call to method ValidateUser | ValidateUser | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected index 39b2fc91541..c6e463428a6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected @@ -5,4 +5,4 @@ nodes | Test.cs:11:50:11:84 | access to indexer | semmle.label | access to indexer | subpaths #select -| Test.cs:11:50:11:84 | access to indexer | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | $@ flows to here and is loaded insecurely as XML (DTD processing is enabled with an insecure resolver). | Test.cs:11:50:11:72 | access to property QueryString | User-provided value | +| Test.cs:11:50:11:84 | access to indexer | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | This insecure XML processing depends on a $@ (DTD processing is enabled with an insecure resolver). | Test.cs:11:50:11:72 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected index cada6a7e427..63235e25c92 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected @@ -10,7 +10,7 @@ nodes | StoredXPathInjection.cs:28:41:28:144 | ... + ... | semmle.label | ... + ... | subpaths #select -| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | Stored user-provided value | -| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | Stored user-provided value | -| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | Stored user-provided value | -| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | Stored user-provided value | +| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | This XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored (potentially user-provided) value | +| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | This XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored (potentially user-provided) value | +| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | This XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored (potentially user-provided) value | +| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | This XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored (potentially user-provided) value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected index c5fbc6b2a66..fa812c210ed 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected @@ -43,17 +43,17 @@ nodes | XPathInjection.cs:52:21:52:21 | access to local variable s | semmle.label | access to local variable s | subpaths #select -| XPathInjection.cs:16:33:16:33 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:16:33:16:33 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:16:33:16:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:16:33:16:33 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:19:29:19:29 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:19:29:19:29 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:19:29:19:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:19:29:19:29 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:28:20:28:20 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:28:20:28:20 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:28:20:28:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:28:20:28:20 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:34:30:34:30 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:34:30:34:30 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:34:30:34:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:34:30:34:30 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:40:21:40:21 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:40:21:40:21 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:40:21:40:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:40:21:40:21 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:46:22:46:22 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:46:22:46:22 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:46:22:46:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:46:22:46:22 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:52:21:52:21 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:52:21:52:21 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:10:27:10:49 | access to property QueryString | User-provided value | -| XPathInjection.cs:52:21:52:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:52:21:52:21 | access to local variable s | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:11:27:11:49 | access to property QueryString | User-provided value | +| XPathInjection.cs:16:33:16:33 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:16:33:16:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:16:33:16:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:16:33:16:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:19:29:19:29 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:19:29:19:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:19:29:19:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:19:29:19:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:28:20:28:20 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:28:20:28:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:28:20:28:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:28:20:28:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:34:30:34:30 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:34:30:34:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:34:30:34:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:34:30:34:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:40:21:40:21 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:40:21:40:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:40:21:40:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:40:21:40:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:46:22:46:22 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:46:22:46:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:46:22:46:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:46:22:46:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:52:21:52:21 | access to local variable s | XPathInjection.cs:10:27:10:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:52:21:52:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:10:27:10:49 | access to property QueryString | user-provided value | +| XPathInjection.cs:52:21:52:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:52:21:52:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected index 19549b0dcb3..8f378704ce5 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected @@ -20,8 +20,8 @@ nodes | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | semmle.label | access to local variable userInput | subpaths #select -| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | User-provided value | -| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | User-provided value | -| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | User-provided value | -| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | User-provided value | -| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | User-provided value | +| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value | +| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value | +| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value | +| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value | +| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected index 5e5b963f9f6..3f985cd5eff 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected @@ -46,11 +46,11 @@ nodes | ConditionalBypass.cs:84:13:84:40 | ... == ... | semmle.label | ... == ... | subpaths #select -| ConditionalBypass.cs:17:13:17:33 | call to method login | ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | ConditionalBypass.cs:16:13:16:30 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:16:13:16:30 | ... == ... | this condition | ConditionalBypass.cs:12:26:12:48 | access to property QueryString | user input | -| ConditionalBypass.cs:23:13:23:33 | call to method login | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:22:13:22:45 | call to method Equals | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:22:13:22:45 | call to method Equals | this condition | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user input | -| ConditionalBypass.cs:29:13:29:33 | call to method login | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:27:13:27:40 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:27:13:27:40 | ... == ... | this condition | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user input | -| ConditionalBypass.cs:33:13:33:39 | call to method reCheckAuth | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:27:13:27:40 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:27:13:27:40 | ... == ... | this condition | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user input | -| ConditionalBypass.cs:46:13:46:33 | call to method login | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress : IPHostEntry | ConditionalBypass.cs:44:13:44:46 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:44:13:44:46 | ... == ... | this condition | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress | user input | -| ConditionalBypass.cs:51:13:51:33 | call to method login | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress : IPHostEntry | ConditionalBypass.cs:49:13:49:29 | access to property HostName | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:49:13:49:29 | access to property HostName | this condition | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress | user input | -| ConditionalBypass.cs:73:13:73:33 | call to method login | ConditionalBypass.cs:70:34:70:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:72:13:72:40 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:72:13:72:40 | ... == ... | this condition | ConditionalBypass.cs:70:34:70:52 | access to property Cookies | user input | -| ConditionalBypass.cs:85:13:85:33 | call to method login | ConditionalBypass.cs:83:34:83:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:84:13:84:40 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:84:13:84:40 | ... == ... | this condition | ConditionalBypass.cs:83:34:83:52 | access to property Cookies | user input | +| ConditionalBypass.cs:16:13:16:30 | ... == ... | ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | ConditionalBypass.cs:16:13:16:30 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:17:13:17:33 | call to method login | action | ConditionalBypass.cs:12:26:12:48 | access to property QueryString | user-provided value | +| ConditionalBypass.cs:22:13:22:45 | call to method Equals | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:22:13:22:45 | call to method Equals | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:23:13:23:33 | call to method login | action | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user-provided value | +| ConditionalBypass.cs:27:13:27:40 | ... == ... | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:27:13:27:40 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:29:13:29:33 | call to method login | action | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user-provided value | +| ConditionalBypass.cs:27:13:27:40 | ... == ... | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:27:13:27:40 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:33:13:33:39 | call to method reCheckAuth | action | ConditionalBypass.cs:19:34:19:52 | access to property Cookies | user-provided value | +| ConditionalBypass.cs:44:13:44:46 | ... == ... | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress : IPHostEntry | ConditionalBypass.cs:44:13:44:46 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:46:13:46:33 | call to method login | action | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress | user-provided value | +| ConditionalBypass.cs:49:13:49:29 | access to property HostName | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress : IPHostEntry | ConditionalBypass.cs:49:13:49:29 | access to property HostName | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:51:13:51:33 | call to method login | action | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress | user-provided value | +| ConditionalBypass.cs:72:13:72:40 | ... == ... | ConditionalBypass.cs:70:34:70:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:72:13:72:40 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:73:13:73:33 | call to method login | action | ConditionalBypass.cs:70:34:70:52 | access to property Cookies | user-provided value | +| ConditionalBypass.cs:84:13:84:40 | ... == ... | ConditionalBypass.cs:83:34:83:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:84:13:84:40 | ... == ... | This condition guards a sensitive $@, but a $@ controls it. | ConditionalBypass.cs:85:13:85:33 | call to method login | action | ConditionalBypass.cs:83:34:83:52 | access to property Cookies | user-provided value | diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua index b8a4d4ed847..2db04d83524 100644 --- a/csharp/tools/tracing-config.lua +++ b/csharp/tools/tracing-config.lua @@ -21,8 +21,8 @@ function RegisterExtractorPack(id) -- if that's `build`, we append `-p:UseSharedCompilation=false` to the command line, -- otherwise we do nothing. local match = false - local needsSeparator = false; - local injectionIndex = nil; + local dotnetRunNeedsSeparator = false; + local dotnetRunInjectionIndex = nil; local argv = compilerArguments.argv if OperatingSystem == 'windows' then -- let's hope that this split matches the escaping rules `dotnet` applies to command line arguments @@ -34,7 +34,9 @@ function RegisterExtractorPack(id) -- dotnet options start with either - or / (both are legal) local firstCharacter = string.sub(arg, 1, 1) if not (firstCharacter == '-') and not (firstCharacter == '/') then - Log(1, 'Dotnet subcommand detected: %s', arg) + if (not match) then + Log(1, 'Dotnet subcommand detected: %s', arg) + end if arg == 'build' or arg == 'msbuild' or arg == 'publish' or arg == 'pack' or arg == 'test' then match = true break @@ -43,22 +45,29 @@ function RegisterExtractorPack(id) -- for `dotnet run`, we need to make sure that `-p:UseSharedCompilation=false` is -- not passed in as an argument to the program that is run match = true - needsSeparator = true - injectionIndex = i + 1 + dotnetRunNeedsSeparator = true + dotnetRunInjectionIndex = i + 1 end end + -- if we see a separator to `dotnet run`, inject just prior to the existing separator if arg == '--' then - needsSeparator = false - injectionIndex = i + dotnetRunNeedsSeparator = false + dotnetRunInjectionIndex = i break end + -- if we see an option to `dotnet run` (e.g., `--project`), inject just prior + -- to the last option + if firstCharacter == '-' then + dotnetRunNeedsSeparator = false + dotnetRunInjectionIndex = i + end end if match then local injections = { '-p:UseSharedCompilation=false' } - if needsSeparator then + if dotnetRunNeedsSeparator then table.insert(injections, '--') end - if injectionIndex == nil then + if dotnetRunInjectionIndex == nil then -- Simple case; just append at the end return { order = ORDER_REPLACE, @@ -69,7 +78,7 @@ function RegisterExtractorPack(id) -- Complex case; splice injections into the middle of the command line for i, injectionArg in ipairs(injections) do - table.insert(argv, injectionIndex + i - 1, injectionArg) + table.insert(argv, dotnetRunInjectionIndex + i - 1, injectionArg) end if OperatingSystem == 'windows' then diff --git a/docs/codeql/codeql-cli/creating-codeql-query-suites.rst b/docs/codeql/codeql-cli/creating-codeql-query-suites.rst index c65e1c42ad4..b95412a6dc2 100644 --- a/docs/codeql/codeql-cli/creating-codeql-query-suites.rst +++ b/docs/codeql/codeql-cli/creating-codeql-query-suites.rst @@ -359,20 +359,6 @@ definition using ``query compile``, or use the queries in an analysis using ``database analyze``. For more information about analyzing CodeQL databases, see ":doc:`Analyzing databases with the CodeQL CLI `." -Viewing the query suites used on LGTM.com ------------------------------------------ - -The query suite definitions used to select queries to run on LGTM.com can be -found in the CodeQL repository. For example, to view the CodeQL queries for -JavaScript, visit -https://github.com/github/codeql/tree/main/javascript/ql/src/codeql-suites. - -These suite definitions apply reusable filter patterns to the queries -located in the standard CodeQL packs for each supported language. For more -information, see the `suite-helpers -`__ in the CodeQL -repository. - Further reading --------------- diff --git a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst index b3ad59da2b5..af2fc646e95 100644 --- a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst @@ -143,6 +143,7 @@ up to create and analyze databases: - ``codeql/cpp-queries`` - ``codeql/csharp-queries`` + - ``codeql/go-queries`` - ``codeql/java-queries`` - ``codeql/javascript-queries`` - ``codeql/python-queries`` @@ -210,13 +211,9 @@ see ":doc:`About CodeQL packs `." There are different versions of the CodeQL queries available for different users. Check out the correct version for your use case: - - For the queries used on `LGTM.com `__, check out the - ``lgtm.com`` branch. You should use this branch for databases you've built - using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from LGTM.com. - The queries on the ``lgtm.com`` branch are more likely to be compatible - with the ``latest`` CLI, so you'll be less likely to have to upgrade - newly-created databases than if you use the ``main`` branch. Older databases - may need to be upgraded before you can analyze them. + - For the queries that are intended to be used with the latest CodeQL CLI release, check out the + branch tagged ``codeql-cli/latest``. You should use this branch for databases you've built + using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from GitHub.com. - For the most up to date CodeQL queries, check out the ``main`` branch. This branch represents the very latest version of CodeQL's analysis. @@ -268,7 +265,7 @@ Using two versions of the CodeQL CLI If you want to use the latest CodeQL features to execute queries or CodeQL tests, but also want to prepare databases that are compatible with a specific version of -LGTM Enterprise, you may need to install two versions of the CLI. The +CodeQL code scanning on GitHub Enterprise Server, you may need to install two versions of the CLI. The recommended directory setup depends on which versions you want to install: - If both versions are 2.0.2 (or newer), you can unpack both CLI archives in the diff --git a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst index 5592992373b..f120518bd3f 100644 --- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst @@ -21,7 +21,7 @@ You can install the CodeQL extension using any of the normal methods for install * Go to the `Visual Studio Code Marketplace `__ in your browser and click **Install**. * In the Extensions view (**Ctrl+Shift+X** or **Cmd+Shift+X**), search for ``CodeQL``, then select **Install**. -* Download the `CodeQL VSIX file `__. Then, in the Extensions view, click **More actions** > **Install from VSIX**, and select the CodeQL VSIX file. +* Download the `CodeQL VSIX file `__. Then, in the Extensions view, click the ellipsis representing the **Views and More Actions...** menu, select **Install from VSIX**, then select the CodeQL VSIX file. Configuring access to the CodeQL CLI ------------------------------------ diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst index ad6ecdb591c..7db0028eb03 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst @@ -1,4 +1,4 @@ -.. codeql-library-for-ruby: +.. _codeql-library-for-ruby: CodeQL library for Ruby ======================= diff --git a/docs/codeql/codeql-overview/index.rst b/docs/codeql/codeql-overview/index.rst index aacb209cf4c..ad43d316535 100644 --- a/docs/codeql/codeql-overview/index.rst +++ b/docs/codeql/codeql-overview/index.rst @@ -9,6 +9,8 @@ Learn more about how CodeQL works, the languages and libraries supported by Code - :doc:`Supported languages and frameworks `: View the languages, libraries, and frameworks supported in the latest version of CodeQL. +- :doc:`System requirements `: View the system requirements for running the latest version of CodeQL. + - :doc:`CodeQL tools `: GitHub provides the CodeQL command-line interface and CodeQL for Visual Studio Code for performing CodeQL analysis on open source codebases. - :doc:`CodeQL glossary `: An overview of the technical terms and concepts in CodeQL. @@ -19,6 +21,7 @@ Learn more about how CodeQL works, the languages and libraries supported by Code about-codeql supported-languages-and-frameworks + system-requirements codeql-tools codeql-glossary diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst new file mode 100644 index 00000000000..5569462e5ae --- /dev/null +++ b/docs/codeql/codeql-overview/system-requirements.rst @@ -0,0 +1,35 @@ +:tocdepth: 1 + +.. _system-requirements: + +System requirements +------------------- + +System requirements for running the latest version of CodeQL. + +Supported platforms +####################### + +.. include:: ../support/reusables/platforms.rst + +Additional software requirements +################################ + +To generate a CodeQL database for a compiled language, you must ensure that the system can successfully build and compile your code, independently of CodeQL. + +In addition, CodeQL extraction has the following requirements. + +For extraction of compiled languages (C/C++, C#, Go, Java) and Ruby on Linux: + +- ``glibc`` version 2.17 or greater must be installed. +- ``musl-c``-based Linux distributions, such as Alpine Linux, are not supported. + +For TypeScript extraction on all platforms: + +- Node.js must be installed and available on the ``PATH`` as ``node``. + +For Python extraction: + +- On Linux and macOS, Python 3 must be installed and available on the ``PATH`` as ``python3`` or ``python``. +- For Python 2 extraction on Linux and macOS, we also recommend having Python 2 installed and available on the ``PATH`` as ``python2``. +- On Windows, the Python launcher must be installed and available on the ``PATH`` as ``py.exe``. diff --git a/docs/codeql/index.html b/docs/codeql/index.html index d69c275afe4..f369c3c7cb8 100644 --- a/docs/codeql/index.html +++ b/docs/codeql/index.html @@ -97,6 +97,13 @@
    View the languages, libraries, and frameworks supported in the latest version of CodeQL...
    +
    + +
    System requirements
    +     +
    View the system requirements for running the + latest version of CodeQL...
    +
    Academic publications
    diff --git a/docs/codeql/support/reusables/frameworks.rst b/docs/codeql/support/reusables/frameworks.rst index fc5410648cf..b83b26f486a 100644 --- a/docs/codeql/support/reusables/frameworks.rst +++ b/docs/codeql/support/reusables/frameworks.rst @@ -221,11 +221,17 @@ and the CodeQL library pack ``codeql/python-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/ruby-all`` (`changelog `__, `source `__). + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + + Name, Category + excon, HTTP client + faraday, HTTP client + http_client, HTTP client + httparty, HTTP client + libxml-ruby, XML processing library + nokogiri, XML processing library + open-uri, HTTP client + posix-spawn, Utility library + rest-client, HTTP client + Ruby on Rails, Web framework + rubyzip, Compression library + typhoeus, HTTP client + diff --git a/docs/codeql/support/reusables/platforms.rst b/docs/codeql/support/reusables/platforms.rst new file mode 100644 index 00000000000..5f9f1e91aae --- /dev/null +++ b/docs/codeql/support/reusables/platforms.rst @@ -0,0 +1,29 @@ +.. csv-table:: + :header-rows: 1 + :widths: auto + :stub-columns: 1 + + Operating system,Supported versions,Supported CPU architectures + Linux,"Ubuntu 18.04 + + Ubuntu 20.04 + + Ubuntu 21.04 + + Ubuntu 22.04","x86-64" + Windows,"Windows 10 / Windows Server 2019 + + Windows 11 / Windows Server 2022","x86-64" + macOS,"macOS 10.15 Catalina + + macOS 11 Big Sur + + macOS 12 Monterey","x86-64 + + x86-64, arm64 (Apple Silicon) + + x86-64, arm64 (Apple Silicon) [1]_" + +.. container:: footnote-group + + .. [1] Support for Apple Silicon is currently in beta. diff --git a/docs/codeql/support/reusables/versions-compilers.rst b/docs/codeql/support/reusables/versions-compilers.rst index fbf6b67ffb6..797c9980e0a 100644 --- a/docs/codeql/support/reusables/versions-compilers.rst +++ b/docs/codeql/support/reusables/versions-compilers.rst @@ -22,7 +22,7 @@ Eclipse compiler for Java (ECJ) [5]_",``.java`` JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [6]_" Python [7]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10",Not applicable,``.py`` - Ruby [8]_,"up to 3.0.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + Ruby [8]_,"up to 3.1",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" TypeScript [9]_,"2.6-4.8",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group diff --git a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst index 61d81bf6f3e..6dc9c126cec 100644 --- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst @@ -47,15 +47,14 @@ Query metadata Query metadata is used to identify your custom queries when they are added to the GitHub repository or used in your analysis. Metadata provides information about the query's purpose, and also specifies how to interpret and display the query results. For a full list of metadata properties, see ":doc:`Metadata for CodeQL queries `." The exact metadata requirement depends on how you are going to run your query: - If you are contributing a query to the GitHub repository, please read the `query metadata style guide `__. -- If you are adding a custom query to a query pack for analysis using LGTM , see `Writing custom queries to include in LGTM analysis `__. - If you are analyzing a database using the :ref:`CodeQL CLI `, your query metadata must contain ``@kind``. -- If you are running a query in the query console on LGTM or with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see `Using the query console `__ on LGTM.com and ":ref:`Analyzing your projects `" in the CodeQL for VS Code help. +- If you are running a query with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see ":ref:`Analyzing your projects `" in the CodeQL for VS Code help. .. pull-quote:: Note - Queries that are contributed to the open source repository, added to a query pack in LGTM, or used to analyze a database with the :ref:`CodeQL CLI ` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis: + Queries that are contributed to the open source repository, or used to analyze a database with the :ref:`CodeQL CLI ` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis: - Alert query metadata must contain ``@kind problem`` to identify the results as a simple alert. - Path query metadata must contain ``@kind path-problem`` to identify the results as an alert documented by a sequence of code locations. @@ -70,14 +69,16 @@ Import statements Each query generally contains one or more ``import`` statements, which define the :ref:`libraries ` or :ref:`modules ` to import into the query. Libraries and modules provide a way of grouping together related :ref:`types `, :ref:`predicates `, and other modules. The contents of each library or module that you import can then be accessed by the query. Our `open source repository on GitHub `__ contains the standard CodeQL libraries for each supported language. -When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying, using ``import`` followed by a language: +When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying. For more information about importing the standard CodeQL libraries, see the CodeQL library guides: -- C/C++: ``cpp`` -- C#: ``csharp`` -- Go: ``go`` -- Java: ``java`` -- JavaScript/TypeScript: ``javascript`` -- Python: ``python`` +- :ref:`CodeQL library guide for C and C++ ` +- :ref:`CodeQL library guide for C# ` +- :ref:`CodeQL library guide for Go ` +- :ref:`CodeQL library guide for Java ` +- :ref:`CodeQL library guide for JavaScript ` +- :ref:`CodeQL library guide for Python ` +- :ref:`CodeQL library guide for Ruby ` +- :ref:`CodeQL library guide for TypeScript ` There are also libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. For more information, see ":doc:`Creating path queries `." @@ -129,7 +130,7 @@ Contributing queries ******************** Contributions to the standard queries and libraries are very welcome. For more information, see our `contributing guidelines `__. -If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata: +If you are contributing a query to the open source GitHub repository or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata: - ":doc:`Metadata for CodeQL queries `" - `Query metadata style guide on GitHub `__ diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index c41b67d427c..3be8823470c 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -18,7 +18,7 @@ This topic provides information on how to structure a path query file so you can Note - The alerts generated by path queries are displayed by default in `LGTM `__ and included in the results generated using the :ref:`CodeQL CLI `. You can also view the path explanations generated by your path query `directly in LGTM `__ or in the CodeQL :ref:`extension for VS Code `. + The alerts generated by path queries are included in the results generated using the :ref:`CodeQL CLI ` and in `code scanning `__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code `. To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis `." @@ -155,7 +155,7 @@ Select clauses for path queries consist of four 'columns', with the following st select element, source, sink, string The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries `." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query. -Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in LGTM or in the :ref:`CodeQL extension for VS Code `. +Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code `. The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization. diff --git a/docs/codeql/writing-codeql-queries/query-help-files.rst b/docs/codeql/writing-codeql-queries/query-help-files.rst index 60c37fce84f..3dffae2185c 100644 --- a/docs/codeql/writing-codeql-queries/query-help-files.rst +++ b/docs/codeql/writing-codeql-queries/query-help-files.rst @@ -16,10 +16,7 @@ For more information about how to write useful query help in a style that is con You can access the query help for CodeQL queries by visiting `CodeQL query help `__. You can also access the raw query help files in the `GitHub repository `__. For example, see the `JavaScript security queries `__ and `C/C++ critical queries `__. - - For queries run by default on LGTM, there are several different ways to access the query help. For further information, see `Where do I see the query help for a query on LGTM? `__ in the LGTM user help. - - + Overview ======== diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 1f851cdf663..c38ebde0723 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.3.1 + +### Minor Analysis Improvements + +* Added support for `BeegoInput.RequestBody` as a source of untrusted data. + ## 0.3.0 ### Deprecated APIs diff --git a/go/ql/lib/change-notes/released/0.3.1.md b/go/ql/lib/change-notes/released/0.3.1.md new file mode 100644 index 00000000000..be16eed5d3e --- /dev/null +++ b/go/ql/lib/change-notes/released/0.3.1.md @@ -0,0 +1,5 @@ +## 0.3.1 + +### Minor Analysis Improvements + +* Added support for `BeegoInput.RequestBody` as a source of untrusted data. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 95f6e3a0ba6..bb106b1cb63 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.0 +lastReleaseVersion: 0.3.1 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 8025056129c..3b38291ebb5 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.3.1-dev +version: 0.3.2-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll index 6d927112584..85334e83ab8 100644 --- a/go/ql/lib/semmle/go/frameworks/Beego.qll +++ b/go/ql/lib/semmle/go/frameworks/Beego.qll @@ -103,6 +103,17 @@ module Beego { } } + /** + * `BeegoInputRequestBody` sources of untrusted data. + */ + private class BeegoInputRequestBodySource extends UntrustedFlowSource::Range { + BeegoInputRequestBodySource() { + exists(DataFlow::FieldReadNode frn | this = frn | + frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody") + ) + } + } + /** * `beego/context.Context` sources of untrusted data. */ diff --git a/go/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll b/go/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll index 2cbb350461b..3bc6b5f5eec 100644 --- a/go/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll +++ b/go/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll @@ -64,7 +64,7 @@ module InsecureRandomness { ) } - override string getKind() { result = "this cryptographic algorithm" } + override string getKind() { result = "This cryptographic algorithm" } } /** @@ -75,7 +75,7 @@ module InsecureRandomness { this.getRoot().(FuncDef).getName().regexpMatch("(?i).*(gen(erate)?|salt|make|mk)Password.*") } - override string getKind() { result = "a password-related function" } + override string getKind() { result = "A password-related function" } } /** Gets a package that implements hash algorithms. */ diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 47dabdb2d2e..68880b18281 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.1 + +No user-facing changes. + ## 0.3.0 ### Query Metadata Changes diff --git a/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql b/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql index e3b725f4fdd..e0ba130ed19 100644 --- a/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +++ b/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql @@ -3,6 +3,7 @@ * @name Successfully analyzed files * @description List all files that were successfully extracted. * @kind diagnostic + * @tags successfully-extracted-files */ import go diff --git a/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql b/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql index c846ef16303..93889b0a23e 100644 --- a/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql +++ b/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql @@ -61,4 +61,4 @@ where // } n = DataFlow::BarrierGuard::getABarrierNode() ) -select n, "The first argument to 'errors.Wrap' is always nil" +select n, "The first argument to 'errors.Wrap' is always nil." diff --git a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql index 71ae1ac183a..5c1b4528302 100644 --- a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql +++ b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql @@ -48,5 +48,5 @@ class Config extends DataFlow::Configuration { from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string report where c.hasFlowPath(source, sink) and c.isSource(source.getNode(), report) -select source, source, sink, "$@ that is $@ contains " + report, source, "A string literal", sink, +select source, source, sink, "This string literal that is $@ contains " + report, sink, "used as a regular expression" diff --git a/go/ql/src/Security/CWE-117/LogInjection.ql b/go/ql/src/Security/CWE-117/LogInjection.ql index 070788af884..dbf0c767bb3 100644 --- a/go/ql/src/Security/CWE-117/LogInjection.ql +++ b/go/ql/src/Security/CWE-117/LogInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from LogInjection::Configuration c, DataFlow::PathNode source, DataFlow::PathNode sink where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), +select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp index 02fa1e6bc8d..ce4872fa66c 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp @@ -30,7 +30,7 @@ When the allow list contains only a single host key then the function Fixe -

    The following example shows the use of InsecureIgnoreHostKey and an insecure host key callback implemention commonly used in non-production code.

    +

    The following example shows the use of InsecureIgnoreHostKey and an insecure host key callback implementation commonly used in non-production code.

    diff --git a/go/ql/src/Security/CWE-338/InsecureRandomness.ql b/go/ql/src/Security/CWE-338/InsecureRandomness.ql index 37ec1c21655..e87bbbae37b 100644 --- a/go/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/go/ql/src/Security/CWE-338/InsecureRandomness.ql @@ -19,7 +19,7 @@ where cfg.hasFlowPath(source, sink) and cfg.isSink(sink.getNode(), kind) and ( - kind != "a password-related function" + kind != "A password-related function" or sink = min(DataFlow::PathNode sink2, int line | @@ -31,5 +31,5 @@ where ) ) select sink.getNode(), source, sink, - "$@ generated with a cryptographically weak RNG is used in $@.", source.getNode(), - "A random number", sink.getNode(), kind + kind + " depends on a $@ generated with a cryptographically weak RNG.", source.getNode(), + "random number" diff --git a/cpp/ql/src/change-notes/2022-09-23-alert-messages.md b/go/ql/src/change-notes/2022-10-07-alert-messages.md similarity index 100% rename from cpp/ql/src/change-notes/2022-09-23-alert-messages.md rename to go/ql/src/change-notes/2022-10-07-alert-messages.md diff --git a/go/ql/src/change-notes/released/0.3.1.md b/go/ql/src/change-notes/released/0.3.1.md new file mode 100644 index 00000000000..9fd4efd6c80 --- /dev/null +++ b/go/ql/src/change-notes/released/0.3.1.md @@ -0,0 +1,3 @@ +## 0.3.1 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 95f6e3a0ba6..bb106b1cb63 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.0 +lastReleaseVersion: 0.3.1 diff --git a/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp b/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp index b641cbda184..ddbb4572eae 100644 --- a/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp +++ b/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp @@ -18,7 +18,7 @@

    - Generating a cryptograhically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability. + Generating a cryptographically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability.

    diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.qhelp b/go/ql/src/experimental/CWE-369/DivideByZero.qhelp index ae39d1df890..dc5cb2cf205 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.qhelp +++ b/go/ql/src/experimental/CWE-369/DivideByZero.qhelp @@ -18,7 +18,7 @@ possibly causing a divide-by-zero panic.

    -This can be fixed by testing the divisor against against zero: +This can be fixed by testing the divisor against zero:

    diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.ql b/go/ql/src/experimental/CWE-369/DivideByZero.ql index 8aa12f7f66e..b2e61bef37d 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.ql +++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql @@ -54,5 +54,4 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, DivideByZeroCheckConfig cfg where cfg.hasFlowPath(source, sink) -select sink, source, sink, "Variable $@ might be zero leading to a division-by-zero panic.", sink, - sink.getNode().toString() +select sink, source, sink, "This variable might be zero leading to a division-by-zero panic." diff --git a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql index 253d598835d..66fb90664ea 100644 --- a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql +++ b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql @@ -66,4 +66,4 @@ query predicate edges(CallGraphNode pred, CallGraphNode succ) { from LoopStmt loop, DatabaseAccess dbAccess where edges*(loop, dbAccess.asExpr()) -select dbAccess, loop, dbAccess, "$@ is called in $@", dbAccess, dbAccess.toString(), loop, "a loop" +select dbAccess, loop, dbAccess, "This calls " + dbAccess.toString() + " in a $@.", loop, "loop" diff --git a/go/ql/src/experimental/CWE-918/SSRF.qhelp b/go/ql/src/experimental/CWE-918/SSRF.qhelp index 7eeeabb68f6..ea37350698e 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qhelp +++ b/go/ql/src/experimental/CWE-918/SSRF.qhelp @@ -14,7 +14,7 @@ server side request forgery attacks, where the attacker controls the request tar

    To guard against server side request forgery, it is advisable to avoid putting user input directly into a network request. If using user input is necessary, then it must be validated. It is recommended to only allow -user input consisting of alphanumeric characters. Simply URL-encoding other chracters is not always a solution, +user input consisting of alphanumeric characters. Simply URL-encoding other characters is not always a solution, for example because a downstream entity that is itself vulnerable may decode again before forwarding the request.

    diff --git a/go/ql/src/experimental/CWE-918/SSRF.ql b/go/ql/src/experimental/CWE-918/SSRF.ql index 41c41bb18de..4c14969c35f 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.ql +++ b/go/ql/src/experimental/CWE-918/SSRF.ql @@ -19,4 +19,4 @@ from where cfg.hasFlowPath(source, sink) and request = sink.getNode().(ServerSideRequestForgery::Sink).getARequest() -select request, source, sink, "The URL of this request depends on a user-provided value" +select request, source, sink, "The URL of this request depends on a user-provided value." diff --git a/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql b/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql index 3a3c6b1d745..ca17228816c 100644 --- a/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql +++ b/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql @@ -11,4 +11,4 @@ import RangeAnalysis from Expr expr where exprMayOverflow(expr) or exprMayUnderflow(expr) -select expr, "this expression may cause an integer overflow" +select expr, "This expression may cause an integer overflow." diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index f454b5ce9d9..574b63f69c1 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.3.1-dev +version: 0.3.2-dev groups: - go - queries diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected index 35a3e399cb7..e80e3295c22 100644 --- a/go/ql/test/experimental/CWE-369/DivideByZero.expected +++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected @@ -24,9 +24,9 @@ nodes | DivideByZero.go:57:17:57:21 | value | semmle.label | value | subpaths #select -| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value | -| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value | -| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:26:16:26:20 | value | value | -| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:33:16:33:20 | value | value | -| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:40:16:40:20 | value | value | -| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:57:17:57:21 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:57:17:57:21 | value | value | +| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | This variable might be zero leading to a division-by-zero panic. | +| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | This variable might be zero leading to a division-by-zero panic. | +| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | This variable might be zero leading to a division-by-zero panic. | +| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | This variable might be zero leading to a division-by-zero panic. | +| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | This variable might be zero leading to a division-by-zero panic. | +| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:57:17:57:21 | value | This variable might be zero leading to a division-by-zero panic. | diff --git a/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected b/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected index bb197203f22..074dfaa134f 100644 --- a/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected +++ b/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected @@ -8,6 +8,6 @@ edges | test.go:24:2:26:2 | for statement | test.go:25:3:25:17 | call to runRunQuery | | test.go:25:3:25:17 | call to runRunQuery | test.go:14:1:16:1 | function declaration | #select -| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | $@ is called in $@ | DatabaseCallInLoop.go:9:3:9:41 | call to First | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | a loop | -| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | $@ is called in $@ | test.go:11:2:11:13 | call to Take | call to Take | test.go:20:2:22:2 | for statement | a loop | -| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | $@ is called in $@ | test.go:11:2:11:13 | call to Take | call to Take | test.go:24:2:26:2 | for statement | a loop | +| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | This calls call to First in a $@. | DatabaseCallInLoop.go:7:2:11:2 | range statement | loop | +| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:20:2:22:2 | for statement | loop | +| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:24:2:26:2 | for statement | loop | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index a0b9993a4ca..5fdd1775d3d 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -55,20 +55,20 @@ nodes | new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... | subpaths #select -| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value | -| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value | -| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value | -| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value | -| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value | -| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param : string | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value | -| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query : string | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value | -| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:69:2:69:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:69:11:69:57 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:74:3:74:59 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:74:12:74:58 | call to Sprintf | The URL of this request depends on a user-provided value | -| new-tests.go:79:2:79:47 | call to Get | new-tests.go:78:18:78:24 | selection of URL : pointer type | new-tests.go:79:11:79:46 | ...+... | The URL of this request depends on a user-provided value | -| new-tests.go:82:2:82:47 | call to Get | new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:82:11:82:46 | ...+... | The URL of this request depends on a user-provided value | -| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars : map type | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value | -| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam : string | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value | +| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. | +| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. | +| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param : string | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. | +| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query : string | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. | +| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:69:2:69:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:69:11:69:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:74:3:74:59 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:74:12:74:58 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:79:2:79:47 | call to Get | new-tests.go:78:18:78:24 | selection of URL : pointer type | new-tests.go:79:11:79:46 | ...+... | The URL of this request depends on a user-provided value. | +| new-tests.go:82:2:82:47 | call to Get | new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:82:11:82:46 | ...+... | The URL of this request depends on a user-provided value. | +| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars : map type | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. | +| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam : string | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. | diff --git a/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go b/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go index cac752dbcb2..5e6bf92ddcf 100644 --- a/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go +++ b/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go @@ -120,7 +120,7 @@ func main() { } }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. responseHeader := w.Header() { origin := req.Header.Get("origin") @@ -137,7 +137,7 @@ func main() { }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { originSuffix := ".example.com" - // OK-ish: the input origin header is validated agains a suffix. + // OK-ish: the input origin header is validated against a suffix. origin := req.Header.Get("Origin") if origin != "" && (originSuffix == "" || strings.HasSuffix(origin, originSuffix)) { w.Header().Set("Access-Control-Allow-Origin", origin) @@ -152,7 +152,7 @@ func main() { }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { originSuffix := ".example.com" - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("Origin") if origin != "" && (originSuffix == "" || AccessControlAllowOrigins[origin]) { w.Header().Set("Access-Control-Allow-Origin", origin) @@ -166,7 +166,7 @@ func main() { } }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("origin") if origin != "" && origin != "null" { if len(AccessControlAllowOrigins) == 0 || AccessControlAllowOrigins[origin] { @@ -178,7 +178,7 @@ func main() { } }) // http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // // OK-ish: the input origin header is validated agains a whitelist. + // // OK-ish: the input origin header is validated against a whitelist. // origin := req.Header.Get("origin") // if origin != "" && origin != "null" { // if _, ok := AccessControlAllowOrigins[origin]; ok { @@ -190,7 +190,7 @@ func main() { // } // }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. if origin := req.Header.Get("Origin"); cors[origin] { w.Header().Set("Access-Control-Allow-Origin", origin) } else if len(origin) > 0 && cors["*"] { @@ -202,7 +202,7 @@ func main() { w.Header().Set("Access-Control-Allow-Credentials", "true") }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("origin") for _, v := range GetAllowOrigin() { if v == origin { diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 6056f572d7c..11e51609b05 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -1,72 +1,72 @@ edges nodes -| test.go:147:14:147:21 | password | semmle.label | password | -| test.go:148:17:148:24 | password | semmle.label | password | -| test.go:149:14:149:21 | password | semmle.label | password | -| test.go:150:18:150:25 | password | semmle.label | password | -| test.go:151:14:151:21 | password | semmle.label | password | -| test.go:152:13:152:20 | password | semmle.label | password | -| test.go:153:22:153:29 | password | semmle.label | password | -| test.go:154:15:154:22 | password | semmle.label | password | -| test.go:155:14:155:21 | password | semmle.label | password | -| test.go:156:13:156:20 | password | semmle.label | password | -| test.go:157:16:157:23 | password | semmle.label | password | -| test.go:158:13:158:20 | password | semmle.label | password | -| test.go:159:16:159:23 | password | semmle.label | password | -| test.go:160:13:160:20 | password | semmle.label | password | -| test.go:161:17:161:24 | password | semmle.label | password | -| test.go:162:13:162:20 | password | semmle.label | password | -| test.go:163:12:163:19 | password | semmle.label | password | -| test.go:164:21:164:28 | password | semmle.label | password | -| test.go:165:14:165:21 | password | semmle.label | password | -| test.go:166:13:166:20 | password | semmle.label | password | -| test.go:167:12:167:19 | password | semmle.label | password | -| test.go:168:15:168:22 | password | semmle.label | password | +| test.go:148:14:148:21 | password | semmle.label | password | +| test.go:149:17:149:24 | password | semmle.label | password | +| test.go:150:14:150:21 | password | semmle.label | password | +| test.go:151:18:151:25 | password | semmle.label | password | +| test.go:152:14:152:21 | password | semmle.label | password | +| test.go:153:13:153:20 | password | semmle.label | password | +| test.go:154:22:154:29 | password | semmle.label | password | +| test.go:155:15:155:22 | password | semmle.label | password | +| test.go:156:14:156:21 | password | semmle.label | password | +| test.go:157:13:157:20 | password | semmle.label | password | +| test.go:158:16:158:23 | password | semmle.label | password | +| test.go:159:13:159:20 | password | semmle.label | password | +| test.go:160:16:160:23 | password | semmle.label | password | +| test.go:161:13:161:20 | password | semmle.label | password | +| test.go:162:17:162:24 | password | semmle.label | password | +| test.go:163:13:163:20 | password | semmle.label | password | +| test.go:164:12:164:19 | password | semmle.label | password | +| test.go:165:21:165:28 | password | semmle.label | password | +| test.go:166:14:166:21 | password | semmle.label | password | +| test.go:167:13:167:20 | password | semmle.label | password | +| test.go:168:12:168:19 | password | semmle.label | password | | test.go:169:15:169:22 | password | semmle.label | password | -| test.go:170:18:170:25 | password | semmle.label | password | -| test.go:171:15:171:22 | password | semmle.label | password | -| test.go:172:19:172:26 | password | semmle.label | password | -| test.go:173:15:173:22 | password | semmle.label | password | -| test.go:174:14:174:21 | password | semmle.label | password | -| test.go:175:23:175:30 | password | semmle.label | password | -| test.go:176:16:176:23 | password | semmle.label | password | -| test.go:177:15:177:22 | password | semmle.label | password | -| test.go:178:14:178:21 | password | semmle.label | password | -| test.go:179:17:179:24 | password | semmle.label | password | -| test.go:180:16:180:23 | password | semmle.label | password | +| test.go:170:15:170:22 | password | semmle.label | password | +| test.go:171:18:171:25 | password | semmle.label | password | +| test.go:172:15:172:22 | password | semmle.label | password | +| test.go:173:19:173:26 | password | semmle.label | password | +| test.go:174:15:174:22 | password | semmle.label | password | +| test.go:175:14:175:21 | password | semmle.label | password | +| test.go:176:23:176:30 | password | semmle.label | password | +| test.go:177:16:177:23 | password | semmle.label | password | +| test.go:178:15:178:22 | password | semmle.label | password | +| test.go:179:14:179:21 | password | semmle.label | password | +| test.go:180:17:180:24 | password | semmle.label | password | +| test.go:181:16:181:23 | password | semmle.label | password | subpaths #select -| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ flows to a logging call. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password | -| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ flows to a logging call. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password | -| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ flows to a logging call. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password | -| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ flows to a logging call. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password | -| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ flows to a logging call. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password | -| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ flows to a logging call. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password | -| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ flows to a logging call. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password | -| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ flows to a logging call. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password | -| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ flows to a logging call. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password | -| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ flows to a logging call. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password | -| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ flows to a logging call. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password | -| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ flows to a logging call. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password | -| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ flows to a logging call. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password | -| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ flows to a logging call. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password | -| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ flows to a logging call. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password | -| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ flows to a logging call. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password | -| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ flows to a logging call. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password | -| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ flows to a logging call. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password | -| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ flows to a logging call. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password | -| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ flows to a logging call. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password | -| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ flows to a logging call. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password | -| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ flows to a logging call. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password | +| test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | $@ flows to a logging call. | test.go:148:14:148:21 | password | Sensitive data returned by an access to password | +| test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | $@ flows to a logging call. | test.go:149:17:149:24 | password | Sensitive data returned by an access to password | +| test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | $@ flows to a logging call. | test.go:150:14:150:21 | password | Sensitive data returned by an access to password | +| test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | $@ flows to a logging call. | test.go:151:18:151:25 | password | Sensitive data returned by an access to password | +| test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | $@ flows to a logging call. | test.go:152:14:152:21 | password | Sensitive data returned by an access to password | +| test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | $@ flows to a logging call. | test.go:153:13:153:20 | password | Sensitive data returned by an access to password | +| test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | $@ flows to a logging call. | test.go:154:22:154:29 | password | Sensitive data returned by an access to password | +| test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | $@ flows to a logging call. | test.go:155:15:155:22 | password | Sensitive data returned by an access to password | +| test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password | +| test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | $@ flows to a logging call. | test.go:157:13:157:20 | password | Sensitive data returned by an access to password | +| test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | $@ flows to a logging call. | test.go:158:16:158:23 | password | Sensitive data returned by an access to password | +| test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password | +| test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | $@ flows to a logging call. | test.go:160:16:160:23 | password | Sensitive data returned by an access to password | +| test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | $@ flows to a logging call. | test.go:161:13:161:20 | password | Sensitive data returned by an access to password | +| test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | $@ flows to a logging call. | test.go:162:17:162:24 | password | Sensitive data returned by an access to password | +| test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password | +| test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | $@ flows to a logging call. | test.go:164:12:164:19 | password | Sensitive data returned by an access to password | +| test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | $@ flows to a logging call. | test.go:165:21:165:28 | password | Sensitive data returned by an access to password | +| test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | $@ flows to a logging call. | test.go:166:14:166:21 | password | Sensitive data returned by an access to password | +| test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password | +| test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | $@ flows to a logging call. | test.go:168:12:168:19 | password | Sensitive data returned by an access to password | | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ flows to a logging call. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password | -| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ flows to a logging call. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password | -| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ flows to a logging call. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password | -| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ flows to a logging call. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password | -| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ flows to a logging call. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password | -| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ flows to a logging call. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password | -| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ flows to a logging call. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password | -| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ flows to a logging call. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password | -| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ flows to a logging call. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password | -| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ flows to a logging call. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password | -| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ flows to a logging call. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password | -| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ flows to a logging call. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password | +| test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | $@ flows to a logging call. | test.go:170:15:170:22 | password | Sensitive data returned by an access to password | +| test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | $@ flows to a logging call. | test.go:171:18:171:25 | password | Sensitive data returned by an access to password | +| test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | $@ flows to a logging call. | test.go:172:15:172:22 | password | Sensitive data returned by an access to password | +| test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | $@ flows to a logging call. | test.go:173:19:173:26 | password | Sensitive data returned by an access to password | +| test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | $@ flows to a logging call. | test.go:174:15:174:22 | password | Sensitive data returned by an access to password | +| test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | $@ flows to a logging call. | test.go:175:14:175:21 | password | Sensitive data returned by an access to password | +| test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | $@ flows to a logging call. | test.go:176:23:176:30 | password | Sensitive data returned by an access to password | +| test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | $@ flows to a logging call. | test.go:177:16:177:23 | password | Sensitive data returned by an access to password | +| test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password | +| test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | $@ flows to a logging call. | test.go:179:14:179:21 | password | Sensitive data returned by an access to password | +| test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | $@ flows to a logging call. | test.go:180:17:180:24 | password | Sensitive data returned by an access to password | +| test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | $@ flows to a logging call. | test.go:181:16:181:23 | password | Sensitive data returned by an access to password | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected index ff1902aa72a..9a80d4698cc 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected @@ -1,12 +1,12 @@ edges nodes -| test.go:246:13:246:34 | call to GetString | semmle.label | call to GetString | -| test.go:247:20:247:41 | call to GetString | semmle.label | call to GetString | -| test.go:310:13:310:27 | call to URI | semmle.label | call to URI | -| test.go:310:13:310:27 | call to URI | semmle.label | call to URI | -| test.go:311:20:311:34 | call to URL | semmle.label | call to URL | -| test.go:311:20:311:34 | call to URL | semmle.label | call to URL | +| test.go:247:13:247:34 | call to GetString | semmle.label | call to GetString | +| test.go:248:20:248:41 | call to GetString | semmle.label | call to GetString | +| test.go:311:13:311:27 | call to URI | semmle.label | call to URI | +| test.go:311:13:311:27 | call to URI | semmle.label | call to URI | +| test.go:312:20:312:34 | call to URL | semmle.label | call to URL | +| test.go:312:20:312:34 | call to URL | semmle.label | call to URL | subpaths #select -| test.go:246:13:246:34 | call to GetString | test.go:246:13:246:34 | call to GetString | test.go:246:13:246:34 | call to GetString | Untrusted URL redirection depends on a $@. | test.go:246:13:246:34 | call to GetString | user-provided value | -| test.go:247:20:247:41 | call to GetString | test.go:247:20:247:41 | call to GetString | test.go:247:20:247:41 | call to GetString | Untrusted URL redirection depends on a $@. | test.go:247:20:247:41 | call to GetString | user-provided value | +| test.go:247:13:247:34 | call to GetString | test.go:247:13:247:34 | call to GetString | test.go:247:13:247:34 | call to GetString | Untrusted URL redirection depends on a $@. | test.go:247:13:247:34 | call to GetString | user-provided value | +| test.go:248:20:248:41 | call to GetString | test.go:248:20:248:41 | call to GetString | test.go:248:20:248:41 | call to GetString | Untrusted URL redirection depends on a $@. | test.go:248:20:248:41 | call to GetString | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 2de1ce81fff..cb39cfdd247 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -1,317 +1,317 @@ edges -| test.go:26:6:26:10 | definition of bound : bindMe | test.go:28:13:28:30 | type conversion | -| test.go:26:6:26:10 | definition of bound : bindMe | test.go:28:20:28:26 | selection of a : slice type | -| test.go:26:6:26:10 | definition of bound : bindMe | test.go:29:13:29:27 | type conversion | -| test.go:26:6:26:10 | definition of bound : bindMe | test.go:30:13:30:29 | type conversion | -| test.go:26:6:26:10 | definition of bound : bindMe | test.go:30:20:30:26 | selection of c : subBindMe | -| test.go:28:20:28:26 | selection of a : slice type | test.go:28:13:28:30 | type conversion | -| test.go:30:20:30:26 | selection of c : subBindMe | test.go:30:13:30:29 | type conversion | -| test.go:35:20:35:42 | call to Cookie : string | test.go:35:13:35:43 | type conversion | -| test.go:40:20:40:31 | call to Data : map type | test.go:40:13:40:52 | type conversion | -| test.go:45:20:45:43 | call to GetData : basic interface type | test.go:45:13:45:53 | type conversion | -| test.go:50:20:50:42 | call to Header : string | test.go:50:13:50:43 | type conversion | -| test.go:55:20:55:41 | call to Param : string | test.go:55:13:55:42 | type conversion | -| test.go:60:20:60:33 | call to Params : map type | test.go:60:13:60:45 | type conversion | -| test.go:65:20:65:41 | call to Query : string | test.go:65:13:65:42 | type conversion | -| test.go:70:20:70:32 | call to Refer : string | test.go:70:13:70:33 | type conversion | -| test.go:75:20:75:34 | call to Referer : string | test.go:75:13:75:35 | type conversion | -| test.go:80:20:80:30 | call to URI : string | test.go:80:13:80:31 | type conversion | -| test.go:85:20:85:30 | call to URL : string | test.go:85:13:85:31 | type conversion | -| test.go:90:20:90:36 | call to UserAgent : string | test.go:90:13:90:37 | type conversion | -| test.go:95:14:95:25 | call to Data : map type | test.go:95:14:95:45 | type assertion | -| test.go:107:14:107:25 | call to Data : map type | test.go:107:14:107:45 | type assertion | -| test.go:119:14:119:25 | call to Data : map type | test.go:119:14:119:45 | type assertion | -| test.go:136:23:136:42 | call to Data : map type | test.go:136:23:136:62 | type assertion | -| test.go:192:15:192:26 | call to Data : map type | test.go:193:14:193:55 | type conversion | -| test.go:192:15:192:26 | call to Data : map type | test.go:194:14:194:58 | type conversion | -| test.go:192:15:192:26 | call to Data : map type | test.go:196:14:196:28 | type assertion | -| test.go:192:15:192:26 | call to Data : map type | test.go:197:14:197:55 | type conversion | -| test.go:192:15:192:26 | call to Data : map type | test.go:198:14:198:59 | type conversion | -| test.go:201:18:201:33 | selection of Form : Values | test.go:202:14:202:28 | type conversion | -| test.go:216:2:216:34 | ... := ...[0] : File | test.go:219:14:219:20 | content | -| test.go:216:2:216:34 | ... := ...[1] : pointer type | test.go:217:14:217:32 | type conversion | -| test.go:216:2:216:34 | ... := ...[1] : pointer type | test.go:217:21:217:22 | implicit dereference : FileHeader | -| test.go:217:21:217:22 | implicit dereference : FileHeader | test.go:217:14:217:32 | type conversion | -| test.go:217:21:217:22 | implicit dereference : FileHeader | test.go:217:21:217:22 | implicit dereference : FileHeader | -| test.go:221:2:221:40 | ... := ...[0] : slice type | test.go:222:14:222:38 | type conversion | -| test.go:221:2:221:40 | ... := ...[0] : slice type | test.go:222:21:222:28 | implicit dereference : FileHeader | -| test.go:221:2:221:40 | ... := ...[0] : slice type | test.go:222:21:222:28 | index expression : pointer type | -| test.go:222:21:222:28 | implicit dereference : FileHeader | test.go:222:14:222:38 | type conversion | -| test.go:222:21:222:28 | implicit dereference : FileHeader | test.go:222:21:222:28 | implicit dereference : FileHeader | -| test.go:222:21:222:28 | implicit dereference : FileHeader | test.go:222:21:222:28 | index expression : pointer type | -| test.go:222:21:222:28 | index expression : pointer type | test.go:222:14:222:38 | type conversion | -| test.go:222:21:222:28 | index expression : pointer type | test.go:222:21:222:28 | implicit dereference : FileHeader | -| test.go:222:21:222:28 | index expression : pointer type | test.go:222:21:222:28 | index expression : pointer type | -| test.go:224:7:224:28 | call to GetString : string | test.go:225:14:225:22 | type conversion | -| test.go:227:8:227:35 | call to GetStrings : slice type | test.go:228:14:228:26 | type conversion | -| test.go:230:9:230:17 | call to Input : Values | test.go:231:14:231:27 | type conversion | -| test.go:233:6:233:8 | definition of str : myStruct | test.go:235:14:235:30 | type conversion | -| test.go:239:15:239:36 | call to GetString : string | test.go:242:21:242:29 | untrusted | -| test.go:252:23:252:44 | call to GetCookie : string | test.go:252:16:252:45 | type conversion | -| test.go:263:62:263:83 | call to GetCookie : string | test.go:263:55:263:84 | type conversion | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:276:21:276:61 | call to GetDisplayString | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:276:44:276:51 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:276:44:276:51 | index expression : pointer type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:277:21:277:53 | call to SliceChunk : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:277:21:277:56 | index expression : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:277:21:277:83 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:277:21:277:92 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:278:21:278:60 | call to SliceDiff : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:278:21:278:87 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:278:21:278:96 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:283:3:285:44 | call to SliceFilter : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:283:3:285:71 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:283:3:285:80 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:286:21:286:65 | call to SliceIntersect : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:286:21:286:92 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:286:21:286:101 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:287:21:287:65 | call to SliceIntersect : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:287:21:287:92 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:288:21:288:61 | call to SliceMerge : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:288:21:288:88 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:288:21:288:97 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:289:21:289:61 | call to SliceMerge : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:289:21:289:88 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:290:21:290:66 | call to SlicePad : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:290:21:290:93 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:290:21:290:102 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:291:21:291:66 | call to SlicePad : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:291:21:291:93 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:292:21:292:73 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:292:21:292:82 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:294:21:294:97 | call to SliceReduce : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:294:21:294:124 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:294:21:294:133 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:295:21:295:52 | call to SliceShuffle : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:295:21:295:79 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:295:21:295:88 | selection of Filename | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:296:21:296:51 | call to SliceUnique : slice type | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:296:21:296:78 | implicit dereference : FileHeader | -| test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:296:21:296:87 | selection of Filename | -| test.go:276:44:276:51 | implicit dereference : FileHeader | test.go:276:21:276:61 | call to GetDisplayString | -| test.go:276:44:276:51 | implicit dereference : FileHeader | test.go:276:44:276:51 | implicit dereference : FileHeader | -| test.go:276:44:276:51 | implicit dereference : FileHeader | test.go:276:44:276:51 | index expression : pointer type | -| test.go:276:44:276:51 | index expression : pointer type | test.go:276:21:276:61 | call to GetDisplayString | -| test.go:276:44:276:51 | index expression : pointer type | test.go:276:44:276:51 | implicit dereference : FileHeader | -| test.go:276:44:276:51 | index expression : pointer type | test.go:276:44:276:51 | index expression : pointer type | -| test.go:277:21:277:53 | call to SliceChunk : slice type | test.go:277:21:277:56 | index expression : slice type | -| test.go:277:21:277:53 | call to SliceChunk : slice type | test.go:277:21:277:83 | implicit dereference : FileHeader | -| test.go:277:21:277:53 | call to SliceChunk : slice type | test.go:277:21:277:92 | selection of Filename | -| test.go:277:21:277:56 | index expression : slice type | test.go:277:21:277:83 | implicit dereference : FileHeader | -| test.go:277:21:277:56 | index expression : slice type | test.go:277:21:277:92 | selection of Filename | -| test.go:277:21:277:83 | implicit dereference : FileHeader | test.go:277:21:277:92 | selection of Filename | -| test.go:278:21:278:60 | call to SliceDiff : slice type | test.go:278:21:278:87 | implicit dereference : FileHeader | -| test.go:278:21:278:60 | call to SliceDiff : slice type | test.go:278:21:278:96 | selection of Filename | -| test.go:278:21:278:87 | implicit dereference : FileHeader | test.go:278:21:278:96 | selection of Filename | -| test.go:283:3:285:44 | call to SliceFilter : slice type | test.go:283:3:285:71 | implicit dereference : FileHeader | -| test.go:283:3:285:44 | call to SliceFilter : slice type | test.go:283:3:285:80 | selection of Filename | -| test.go:283:3:285:71 | implicit dereference : FileHeader | test.go:283:3:285:80 | selection of Filename | -| test.go:286:21:286:65 | call to SliceIntersect : slice type | test.go:286:21:286:92 | implicit dereference : FileHeader | -| test.go:286:21:286:65 | call to SliceIntersect : slice type | test.go:286:21:286:101 | selection of Filename | -| test.go:286:21:286:92 | implicit dereference : FileHeader | test.go:286:21:286:101 | selection of Filename | +| test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:13:29:30 | type conversion | +| test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:20:29:26 | selection of a : slice type | +| test.go:27:6:27:10 | definition of bound : bindMe | test.go:30:13:30:27 | type conversion | +| test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:13:31:29 | type conversion | +| test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:20:31:26 | selection of c : subBindMe | +| test.go:29:20:29:26 | selection of a : slice type | test.go:29:13:29:30 | type conversion | +| test.go:31:20:31:26 | selection of c : subBindMe | test.go:31:13:31:29 | type conversion | +| test.go:36:20:36:42 | call to Cookie : string | test.go:36:13:36:43 | type conversion | +| test.go:41:20:41:31 | call to Data : map type | test.go:41:13:41:52 | type conversion | +| test.go:46:20:46:43 | call to GetData : basic interface type | test.go:46:13:46:53 | type conversion | +| test.go:51:20:51:42 | call to Header : string | test.go:51:13:51:43 | type conversion | +| test.go:56:20:56:41 | call to Param : string | test.go:56:13:56:42 | type conversion | +| test.go:61:20:61:33 | call to Params : map type | test.go:61:13:61:45 | type conversion | +| test.go:66:20:66:41 | call to Query : string | test.go:66:13:66:42 | type conversion | +| test.go:71:20:71:32 | call to Refer : string | test.go:71:13:71:33 | type conversion | +| test.go:76:20:76:34 | call to Referer : string | test.go:76:13:76:35 | type conversion | +| test.go:81:20:81:30 | call to URI : string | test.go:81:13:81:31 | type conversion | +| test.go:86:20:86:30 | call to URL : string | test.go:86:13:86:31 | type conversion | +| test.go:91:20:91:36 | call to UserAgent : string | test.go:91:13:91:37 | type conversion | +| test.go:96:14:96:25 | call to Data : map type | test.go:96:14:96:45 | type assertion | +| test.go:108:14:108:25 | call to Data : map type | test.go:108:14:108:45 | type assertion | +| test.go:120:14:120:25 | call to Data : map type | test.go:120:14:120:45 | type assertion | +| test.go:137:23:137:42 | call to Data : map type | test.go:137:23:137:62 | type assertion | +| test.go:193:15:193:26 | call to Data : map type | test.go:194:14:194:55 | type conversion | +| test.go:193:15:193:26 | call to Data : map type | test.go:195:14:195:58 | type conversion | +| test.go:193:15:193:26 | call to Data : map type | test.go:197:14:197:28 | type assertion | +| test.go:193:15:193:26 | call to Data : map type | test.go:198:14:198:55 | type conversion | +| test.go:193:15:193:26 | call to Data : map type | test.go:199:14:199:59 | type conversion | +| test.go:202:18:202:33 | selection of Form : Values | test.go:203:14:203:28 | type conversion | +| test.go:217:2:217:34 | ... := ...[0] : File | test.go:220:14:220:20 | content | +| test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:14:218:32 | type conversion | +| test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:21:218:22 | implicit dereference : FileHeader | +| test.go:218:21:218:22 | implicit dereference : FileHeader | test.go:218:14:218:32 | type conversion | +| test.go:218:21:218:22 | implicit dereference : FileHeader | test.go:218:21:218:22 | implicit dereference : FileHeader | +| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:14:223:38 | type conversion | +| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:21:223:28 | implicit dereference : FileHeader | +| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:21:223:28 | index expression : pointer type | +| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:14:223:38 | type conversion | +| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:21:223:28 | implicit dereference : FileHeader | +| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:21:223:28 | index expression : pointer type | +| test.go:223:21:223:28 | index expression : pointer type | test.go:223:14:223:38 | type conversion | +| test.go:223:21:223:28 | index expression : pointer type | test.go:223:21:223:28 | implicit dereference : FileHeader | +| test.go:223:21:223:28 | index expression : pointer type | test.go:223:21:223:28 | index expression : pointer type | +| test.go:225:7:225:28 | call to GetString : string | test.go:226:14:226:22 | type conversion | +| test.go:228:8:228:35 | call to GetStrings : slice type | test.go:229:14:229:26 | type conversion | +| test.go:231:9:231:17 | call to Input : Values | test.go:232:14:232:27 | type conversion | +| test.go:234:6:234:8 | definition of str : myStruct | test.go:236:14:236:30 | type conversion | +| test.go:240:15:240:36 | call to GetString : string | test.go:243:21:243:29 | untrusted | +| test.go:253:23:253:44 | call to GetCookie : string | test.go:253:16:253:45 | type conversion | +| test.go:264:62:264:83 | call to GetCookie : string | test.go:264:55:264:84 | type conversion | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:21:277:61 | call to GetDisplayString | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:44:277:51 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:44:277:51 | index expression : pointer type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:53 | call to SliceChunk : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:56 | index expression : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:92 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:60 | call to SliceDiff : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:87 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:96 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:44 | call to SliceFilter : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:71 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:80 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:65 | call to SliceIntersect : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:92 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:65 | call to SliceIntersect : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:92 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:101 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:61 | call to SliceMerge : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:88 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:61 | call to SliceMerge : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:88 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:97 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:66 | call to SlicePad : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:93 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:66 | call to SlicePad : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:93 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:102 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:73 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:82 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:97 | call to SliceReduce : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:124 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:133 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:52 | call to SliceShuffle : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:79 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:88 | selection of Filename | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:51 | call to SliceUnique : slice type | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:78 | implicit dereference : FileHeader | +| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:87 | selection of Filename | +| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:21:277:61 | call to GetDisplayString | +| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:44:277:51 | implicit dereference : FileHeader | +| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:44:277:51 | index expression : pointer type | +| test.go:277:44:277:51 | index expression : pointer type | test.go:277:21:277:61 | call to GetDisplayString | +| test.go:277:44:277:51 | index expression : pointer type | test.go:277:44:277:51 | implicit dereference : FileHeader | +| test.go:277:44:277:51 | index expression : pointer type | test.go:277:44:277:51 | index expression : pointer type | +| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:56 | index expression : slice type | +| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader | +| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:92 | selection of Filename | +| test.go:278:21:278:56 | index expression : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader | +| test.go:278:21:278:56 | index expression : slice type | test.go:278:21:278:92 | selection of Filename | +| test.go:278:21:278:83 | implicit dereference : FileHeader | test.go:278:21:278:92 | selection of Filename | +| test.go:279:21:279:60 | call to SliceDiff : slice type | test.go:279:21:279:87 | implicit dereference : FileHeader | +| test.go:279:21:279:60 | call to SliceDiff : slice type | test.go:279:21:279:96 | selection of Filename | +| test.go:279:21:279:87 | implicit dereference : FileHeader | test.go:279:21:279:96 | selection of Filename | +| test.go:284:3:286:44 | call to SliceFilter : slice type | test.go:284:3:286:71 | implicit dereference : FileHeader | +| test.go:284:3:286:44 | call to SliceFilter : slice type | test.go:284:3:286:80 | selection of Filename | +| test.go:284:3:286:71 | implicit dereference : FileHeader | test.go:284:3:286:80 | selection of Filename | | test.go:287:21:287:65 | call to SliceIntersect : slice type | test.go:287:21:287:92 | implicit dereference : FileHeader | | test.go:287:21:287:65 | call to SliceIntersect : slice type | test.go:287:21:287:101 | selection of Filename | | test.go:287:21:287:92 | implicit dereference : FileHeader | test.go:287:21:287:101 | selection of Filename | -| test.go:288:21:288:61 | call to SliceMerge : slice type | test.go:288:21:288:88 | implicit dereference : FileHeader | -| test.go:288:21:288:61 | call to SliceMerge : slice type | test.go:288:21:288:97 | selection of Filename | -| test.go:288:21:288:88 | implicit dereference : FileHeader | test.go:288:21:288:97 | selection of Filename | +| test.go:288:21:288:65 | call to SliceIntersect : slice type | test.go:288:21:288:92 | implicit dereference : FileHeader | +| test.go:288:21:288:65 | call to SliceIntersect : slice type | test.go:288:21:288:101 | selection of Filename | +| test.go:288:21:288:92 | implicit dereference : FileHeader | test.go:288:21:288:101 | selection of Filename | | test.go:289:21:289:61 | call to SliceMerge : slice type | test.go:289:21:289:88 | implicit dereference : FileHeader | | test.go:289:21:289:61 | call to SliceMerge : slice type | test.go:289:21:289:97 | selection of Filename | | test.go:289:21:289:88 | implicit dereference : FileHeader | test.go:289:21:289:97 | selection of Filename | -| test.go:290:21:290:66 | call to SlicePad : slice type | test.go:290:21:290:93 | implicit dereference : FileHeader | -| test.go:290:21:290:66 | call to SlicePad : slice type | test.go:290:21:290:102 | selection of Filename | -| test.go:290:21:290:93 | implicit dereference : FileHeader | test.go:290:21:290:102 | selection of Filename | +| test.go:290:21:290:61 | call to SliceMerge : slice type | test.go:290:21:290:88 | implicit dereference : FileHeader | +| test.go:290:21:290:61 | call to SliceMerge : slice type | test.go:290:21:290:97 | selection of Filename | +| test.go:290:21:290:88 | implicit dereference : FileHeader | test.go:290:21:290:97 | selection of Filename | | test.go:291:21:291:66 | call to SlicePad : slice type | test.go:291:21:291:93 | implicit dereference : FileHeader | | test.go:291:21:291:66 | call to SlicePad : slice type | test.go:291:21:291:102 | selection of Filename | | test.go:291:21:291:93 | implicit dereference : FileHeader | test.go:291:21:291:102 | selection of Filename | -| test.go:292:21:292:73 | implicit dereference : FileHeader | test.go:292:21:292:82 | selection of Filename | -| test.go:294:21:294:97 | call to SliceReduce : slice type | test.go:294:21:294:124 | implicit dereference : FileHeader | -| test.go:294:21:294:97 | call to SliceReduce : slice type | test.go:294:21:294:133 | selection of Filename | -| test.go:294:21:294:124 | implicit dereference : FileHeader | test.go:294:21:294:133 | selection of Filename | -| test.go:295:21:295:52 | call to SliceShuffle : slice type | test.go:295:21:295:79 | implicit dereference : FileHeader | -| test.go:295:21:295:52 | call to SliceShuffle : slice type | test.go:295:21:295:88 | selection of Filename | -| test.go:295:21:295:79 | implicit dereference : FileHeader | test.go:295:21:295:88 | selection of Filename | -| test.go:296:21:296:51 | call to SliceUnique : slice type | test.go:296:21:296:78 | implicit dereference : FileHeader | -| test.go:296:21:296:51 | call to SliceUnique : slice type | test.go:296:21:296:87 | selection of Filename | -| test.go:296:21:296:78 | implicit dereference : FileHeader | test.go:296:21:296:87 | selection of Filename | -| test.go:302:15:302:36 | call to GetString : string | test.go:304:21:304:48 | type assertion | -| test.go:302:15:302:36 | call to GetString : string | test.go:305:21:305:32 | call to Items : map type | -| test.go:302:15:302:36 | call to GetString : string | test.go:305:21:305:52 | type assertion | -| test.go:305:21:305:32 | call to Items : map type | test.go:305:21:305:52 | type assertion | +| test.go:292:21:292:66 | call to SlicePad : slice type | test.go:292:21:292:93 | implicit dereference : FileHeader | +| test.go:292:21:292:66 | call to SlicePad : slice type | test.go:292:21:292:102 | selection of Filename | +| test.go:292:21:292:93 | implicit dereference : FileHeader | test.go:292:21:292:102 | selection of Filename | +| test.go:293:21:293:73 | implicit dereference : FileHeader | test.go:293:21:293:82 | selection of Filename | +| test.go:295:21:295:97 | call to SliceReduce : slice type | test.go:295:21:295:124 | implicit dereference : FileHeader | +| test.go:295:21:295:97 | call to SliceReduce : slice type | test.go:295:21:295:133 | selection of Filename | +| test.go:295:21:295:124 | implicit dereference : FileHeader | test.go:295:21:295:133 | selection of Filename | +| test.go:296:21:296:52 | call to SliceShuffle : slice type | test.go:296:21:296:79 | implicit dereference : FileHeader | +| test.go:296:21:296:52 | call to SliceShuffle : slice type | test.go:296:21:296:88 | selection of Filename | +| test.go:296:21:296:79 | implicit dereference : FileHeader | test.go:296:21:296:88 | selection of Filename | +| test.go:297:21:297:51 | call to SliceUnique : slice type | test.go:297:21:297:78 | implicit dereference : FileHeader | +| test.go:297:21:297:51 | call to SliceUnique : slice type | test.go:297:21:297:87 | selection of Filename | +| test.go:297:21:297:78 | implicit dereference : FileHeader | test.go:297:21:297:87 | selection of Filename | +| test.go:303:15:303:36 | call to GetString : string | test.go:305:21:305:48 | type assertion | +| test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:32 | call to Items : map type | +| test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:52 | type assertion | +| test.go:306:21:306:32 | call to Items : map type | test.go:306:21:306:52 | type assertion | nodes -| test.go:26:6:26:10 | definition of bound : bindMe | semmle.label | definition of bound : bindMe | -| test.go:28:13:28:30 | type conversion | semmle.label | type conversion | -| test.go:28:20:28:26 | selection of a : slice type | semmle.label | selection of a : slice type | -| test.go:29:13:29:27 | type conversion | semmle.label | type conversion | -| test.go:30:13:30:29 | type conversion | semmle.label | type conversion | -| test.go:30:20:30:26 | selection of c : subBindMe | semmle.label | selection of c : subBindMe | -| test.go:35:13:35:43 | type conversion | semmle.label | type conversion | -| test.go:35:20:35:42 | call to Cookie : string | semmle.label | call to Cookie : string | -| test.go:40:13:40:52 | type conversion | semmle.label | type conversion | -| test.go:40:20:40:31 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:45:13:45:53 | type conversion | semmle.label | type conversion | -| test.go:45:20:45:43 | call to GetData : basic interface type | semmle.label | call to GetData : basic interface type | -| test.go:50:13:50:43 | type conversion | semmle.label | type conversion | -| test.go:50:20:50:42 | call to Header : string | semmle.label | call to Header : string | -| test.go:55:13:55:42 | type conversion | semmle.label | type conversion | -| test.go:55:20:55:41 | call to Param : string | semmle.label | call to Param : string | -| test.go:60:13:60:45 | type conversion | semmle.label | type conversion | -| test.go:60:20:60:33 | call to Params : map type | semmle.label | call to Params : map type | -| test.go:65:13:65:42 | type conversion | semmle.label | type conversion | -| test.go:65:20:65:41 | call to Query : string | semmle.label | call to Query : string | -| test.go:70:13:70:33 | type conversion | semmle.label | type conversion | -| test.go:70:20:70:32 | call to Refer : string | semmle.label | call to Refer : string | -| test.go:75:13:75:35 | type conversion | semmle.label | type conversion | -| test.go:75:20:75:34 | call to Referer : string | semmle.label | call to Referer : string | -| test.go:80:13:80:31 | type conversion | semmle.label | type conversion | -| test.go:80:20:80:30 | call to URI : string | semmle.label | call to URI : string | -| test.go:85:13:85:31 | type conversion | semmle.label | type conversion | -| test.go:85:20:85:30 | call to URL : string | semmle.label | call to URL : string | -| test.go:90:13:90:37 | type conversion | semmle.label | type conversion | -| test.go:90:20:90:36 | call to UserAgent : string | semmle.label | call to UserAgent : string | -| test.go:95:14:95:25 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:95:14:95:45 | type assertion | semmle.label | type assertion | -| test.go:107:14:107:25 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:107:14:107:45 | type assertion | semmle.label | type assertion | -| test.go:119:14:119:25 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:119:14:119:45 | type assertion | semmle.label | type assertion | -| test.go:136:23:136:42 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:136:23:136:62 | type assertion | semmle.label | type assertion | -| test.go:192:15:192:26 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:193:14:193:55 | type conversion | semmle.label | type conversion | -| test.go:194:14:194:58 | type conversion | semmle.label | type conversion | -| test.go:196:14:196:28 | type assertion | semmle.label | type assertion | -| test.go:197:14:197:55 | type conversion | semmle.label | type conversion | -| test.go:198:14:198:59 | type conversion | semmle.label | type conversion | -| test.go:201:18:201:33 | selection of Form : Values | semmle.label | selection of Form : Values | -| test.go:202:14:202:28 | type conversion | semmle.label | type conversion | -| test.go:216:2:216:34 | ... := ...[0] : File | semmle.label | ... := ...[0] : File | -| test.go:216:2:216:34 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type | -| test.go:217:14:217:32 | type conversion | semmle.label | type conversion | -| test.go:217:21:217:22 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:219:14:219:20 | content | semmle.label | content | -| test.go:221:2:221:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type | -| test.go:222:14:222:38 | type conversion | semmle.label | type conversion | -| test.go:222:21:222:28 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:222:21:222:28 | index expression : pointer type | semmle.label | index expression : pointer type | -| test.go:224:7:224:28 | call to GetString : string | semmle.label | call to GetString : string | -| test.go:225:14:225:22 | type conversion | semmle.label | type conversion | -| test.go:227:8:227:35 | call to GetStrings : slice type | semmle.label | call to GetStrings : slice type | -| test.go:228:14:228:26 | type conversion | semmle.label | type conversion | -| test.go:230:9:230:17 | call to Input : Values | semmle.label | call to Input : Values | -| test.go:231:14:231:27 | type conversion | semmle.label | type conversion | -| test.go:233:6:233:8 | definition of str : myStruct | semmle.label | definition of str : myStruct | -| test.go:235:14:235:30 | type conversion | semmle.label | type conversion | -| test.go:239:15:239:36 | call to GetString : string | semmle.label | call to GetString : string | -| test.go:242:21:242:29 | untrusted | semmle.label | untrusted | -| test.go:252:16:252:45 | type conversion | semmle.label | type conversion | -| test.go:252:23:252:44 | call to GetCookie : string | semmle.label | call to GetCookie : string | -| test.go:257:16:257:37 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:258:15:258:41 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:263:55:263:84 | type conversion | semmle.label | type conversion | -| test.go:263:62:263:83 | call to GetCookie : string | semmle.label | call to GetCookie : string | -| test.go:268:2:268:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type | -| test.go:276:21:276:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | -| test.go:276:44:276:51 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:276:44:276:51 | index expression : pointer type | semmle.label | index expression : pointer type | -| test.go:277:21:277:53 | call to SliceChunk : slice type | semmle.label | call to SliceChunk : slice type | -| test.go:277:21:277:56 | index expression : slice type | semmle.label | index expression : slice type | -| test.go:277:21:277:83 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:277:21:277:92 | selection of Filename | semmle.label | selection of Filename | -| test.go:278:21:278:60 | call to SliceDiff : slice type | semmle.label | call to SliceDiff : slice type | -| test.go:278:21:278:87 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:278:21:278:96 | selection of Filename | semmle.label | selection of Filename | -| test.go:283:3:285:44 | call to SliceFilter : slice type | semmle.label | call to SliceFilter : slice type | -| test.go:283:3:285:71 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:283:3:285:80 | selection of Filename | semmle.label | selection of Filename | -| test.go:286:21:286:65 | call to SliceIntersect : slice type | semmle.label | call to SliceIntersect : slice type | -| test.go:286:21:286:92 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:286:21:286:101 | selection of Filename | semmle.label | selection of Filename | +| test.go:27:6:27:10 | definition of bound : bindMe | semmle.label | definition of bound : bindMe | +| test.go:29:13:29:30 | type conversion | semmle.label | type conversion | +| test.go:29:20:29:26 | selection of a : slice type | semmle.label | selection of a : slice type | +| test.go:30:13:30:27 | type conversion | semmle.label | type conversion | +| test.go:31:13:31:29 | type conversion | semmle.label | type conversion | +| test.go:31:20:31:26 | selection of c : subBindMe | semmle.label | selection of c : subBindMe | +| test.go:36:13:36:43 | type conversion | semmle.label | type conversion | +| test.go:36:20:36:42 | call to Cookie : string | semmle.label | call to Cookie : string | +| test.go:41:13:41:52 | type conversion | semmle.label | type conversion | +| test.go:41:20:41:31 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:46:13:46:53 | type conversion | semmle.label | type conversion | +| test.go:46:20:46:43 | call to GetData : basic interface type | semmle.label | call to GetData : basic interface type | +| test.go:51:13:51:43 | type conversion | semmle.label | type conversion | +| test.go:51:20:51:42 | call to Header : string | semmle.label | call to Header : string | +| test.go:56:13:56:42 | type conversion | semmle.label | type conversion | +| test.go:56:20:56:41 | call to Param : string | semmle.label | call to Param : string | +| test.go:61:13:61:45 | type conversion | semmle.label | type conversion | +| test.go:61:20:61:33 | call to Params : map type | semmle.label | call to Params : map type | +| test.go:66:13:66:42 | type conversion | semmle.label | type conversion | +| test.go:66:20:66:41 | call to Query : string | semmle.label | call to Query : string | +| test.go:71:13:71:33 | type conversion | semmle.label | type conversion | +| test.go:71:20:71:32 | call to Refer : string | semmle.label | call to Refer : string | +| test.go:76:13:76:35 | type conversion | semmle.label | type conversion | +| test.go:76:20:76:34 | call to Referer : string | semmle.label | call to Referer : string | +| test.go:81:13:81:31 | type conversion | semmle.label | type conversion | +| test.go:81:20:81:30 | call to URI : string | semmle.label | call to URI : string | +| test.go:86:13:86:31 | type conversion | semmle.label | type conversion | +| test.go:86:20:86:30 | call to URL : string | semmle.label | call to URL : string | +| test.go:91:13:91:37 | type conversion | semmle.label | type conversion | +| test.go:91:20:91:36 | call to UserAgent : string | semmle.label | call to UserAgent : string | +| test.go:96:14:96:25 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:96:14:96:45 | type assertion | semmle.label | type assertion | +| test.go:108:14:108:25 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:108:14:108:45 | type assertion | semmle.label | type assertion | +| test.go:120:14:120:25 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:120:14:120:45 | type assertion | semmle.label | type assertion | +| test.go:137:23:137:42 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:137:23:137:62 | type assertion | semmle.label | type assertion | +| test.go:193:15:193:26 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:194:14:194:55 | type conversion | semmle.label | type conversion | +| test.go:195:14:195:58 | type conversion | semmle.label | type conversion | +| test.go:197:14:197:28 | type assertion | semmle.label | type assertion | +| test.go:198:14:198:55 | type conversion | semmle.label | type conversion | +| test.go:199:14:199:59 | type conversion | semmle.label | type conversion | +| test.go:202:18:202:33 | selection of Form : Values | semmle.label | selection of Form : Values | +| test.go:203:14:203:28 | type conversion | semmle.label | type conversion | +| test.go:217:2:217:34 | ... := ...[0] : File | semmle.label | ... := ...[0] : File | +| test.go:217:2:217:34 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type | +| test.go:218:14:218:32 | type conversion | semmle.label | type conversion | +| test.go:218:21:218:22 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:220:14:220:20 | content | semmle.label | content | +| test.go:222:2:222:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type | +| test.go:223:14:223:38 | type conversion | semmle.label | type conversion | +| test.go:223:21:223:28 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:223:21:223:28 | index expression : pointer type | semmle.label | index expression : pointer type | +| test.go:225:7:225:28 | call to GetString : string | semmle.label | call to GetString : string | +| test.go:226:14:226:22 | type conversion | semmle.label | type conversion | +| test.go:228:8:228:35 | call to GetStrings : slice type | semmle.label | call to GetStrings : slice type | +| test.go:229:14:229:26 | type conversion | semmle.label | type conversion | +| test.go:231:9:231:17 | call to Input : Values | semmle.label | call to Input : Values | +| test.go:232:14:232:27 | type conversion | semmle.label | type conversion | +| test.go:234:6:234:8 | definition of str : myStruct | semmle.label | definition of str : myStruct | +| test.go:236:14:236:30 | type conversion | semmle.label | type conversion | +| test.go:240:15:240:36 | call to GetString : string | semmle.label | call to GetString : string | +| test.go:243:21:243:29 | untrusted | semmle.label | untrusted | +| test.go:253:16:253:45 | type conversion | semmle.label | type conversion | +| test.go:253:23:253:44 | call to GetCookie : string | semmle.label | call to GetCookie : string | +| test.go:258:16:258:37 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:259:15:259:41 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:264:55:264:84 | type conversion | semmle.label | type conversion | +| test.go:264:62:264:83 | call to GetCookie : string | semmle.label | call to GetCookie : string | +| test.go:269:2:269:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type | +| test.go:277:21:277:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | +| test.go:277:44:277:51 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:277:44:277:51 | index expression : pointer type | semmle.label | index expression : pointer type | +| test.go:278:21:278:53 | call to SliceChunk : slice type | semmle.label | call to SliceChunk : slice type | +| test.go:278:21:278:56 | index expression : slice type | semmle.label | index expression : slice type | +| test.go:278:21:278:83 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:278:21:278:92 | selection of Filename | semmle.label | selection of Filename | +| test.go:279:21:279:60 | call to SliceDiff : slice type | semmle.label | call to SliceDiff : slice type | +| test.go:279:21:279:87 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:279:21:279:96 | selection of Filename | semmle.label | selection of Filename | +| test.go:284:3:286:44 | call to SliceFilter : slice type | semmle.label | call to SliceFilter : slice type | +| test.go:284:3:286:71 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:284:3:286:80 | selection of Filename | semmle.label | selection of Filename | | test.go:287:21:287:65 | call to SliceIntersect : slice type | semmle.label | call to SliceIntersect : slice type | | test.go:287:21:287:92 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | | test.go:287:21:287:101 | selection of Filename | semmle.label | selection of Filename | -| test.go:288:21:288:61 | call to SliceMerge : slice type | semmle.label | call to SliceMerge : slice type | -| test.go:288:21:288:88 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:288:21:288:97 | selection of Filename | semmle.label | selection of Filename | +| test.go:288:21:288:65 | call to SliceIntersect : slice type | semmle.label | call to SliceIntersect : slice type | +| test.go:288:21:288:92 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:288:21:288:101 | selection of Filename | semmle.label | selection of Filename | | test.go:289:21:289:61 | call to SliceMerge : slice type | semmle.label | call to SliceMerge : slice type | | test.go:289:21:289:88 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | | test.go:289:21:289:97 | selection of Filename | semmle.label | selection of Filename | -| test.go:290:21:290:66 | call to SlicePad : slice type | semmle.label | call to SlicePad : slice type | -| test.go:290:21:290:93 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:290:21:290:102 | selection of Filename | semmle.label | selection of Filename | +| test.go:290:21:290:61 | call to SliceMerge : slice type | semmle.label | call to SliceMerge : slice type | +| test.go:290:21:290:88 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:290:21:290:97 | selection of Filename | semmle.label | selection of Filename | | test.go:291:21:291:66 | call to SlicePad : slice type | semmle.label | call to SlicePad : slice type | | test.go:291:21:291:93 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | | test.go:291:21:291:102 | selection of Filename | semmle.label | selection of Filename | -| test.go:292:21:292:73 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:292:21:292:82 | selection of Filename | semmle.label | selection of Filename | -| test.go:294:21:294:97 | call to SliceReduce : slice type | semmle.label | call to SliceReduce : slice type | -| test.go:294:21:294:124 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:294:21:294:133 | selection of Filename | semmle.label | selection of Filename | -| test.go:295:21:295:52 | call to SliceShuffle : slice type | semmle.label | call to SliceShuffle : slice type | -| test.go:295:21:295:79 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:295:21:295:88 | selection of Filename | semmle.label | selection of Filename | -| test.go:296:21:296:51 | call to SliceUnique : slice type | semmle.label | call to SliceUnique : slice type | -| test.go:296:21:296:78 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | -| test.go:296:21:296:87 | selection of Filename | semmle.label | selection of Filename | -| test.go:302:15:302:36 | call to GetString : string | semmle.label | call to GetString : string | -| test.go:304:21:304:48 | type assertion | semmle.label | type assertion | -| test.go:305:21:305:32 | call to Items : map type | semmle.label | call to Items : map type | -| test.go:305:21:305:52 | type assertion | semmle.label | type assertion | +| test.go:292:21:292:66 | call to SlicePad : slice type | semmle.label | call to SlicePad : slice type | +| test.go:292:21:292:93 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:292:21:292:102 | selection of Filename | semmle.label | selection of Filename | +| test.go:293:21:293:73 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:293:21:293:82 | selection of Filename | semmle.label | selection of Filename | +| test.go:295:21:295:97 | call to SliceReduce : slice type | semmle.label | call to SliceReduce : slice type | +| test.go:295:21:295:124 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:295:21:295:133 | selection of Filename | semmle.label | selection of Filename | +| test.go:296:21:296:52 | call to SliceShuffle : slice type | semmle.label | call to SliceShuffle : slice type | +| test.go:296:21:296:79 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:296:21:296:88 | selection of Filename | semmle.label | selection of Filename | +| test.go:297:21:297:51 | call to SliceUnique : slice type | semmle.label | call to SliceUnique : slice type | +| test.go:297:21:297:78 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader | +| test.go:297:21:297:87 | selection of Filename | semmle.label | selection of Filename | +| test.go:303:15:303:36 | call to GetString : string | semmle.label | call to GetString : string | +| test.go:305:21:305:48 | type assertion | semmle.label | type assertion | +| test.go:306:21:306:32 | call to Items : map type | semmle.label | call to Items : map type | +| test.go:306:21:306:52 | type assertion | semmle.label | type assertion | subpaths #select -| test.go:28:13:28:30 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:28:13:28:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:29:13:29:27 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:29:13:29:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:30:13:30:29 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:30:13:30:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:35:13:35:43 | type conversion | test.go:35:20:35:42 | call to Cookie : string | test.go:35:13:35:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:35:20:35:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:40:13:40:52 | type conversion | test.go:40:20:40:31 | call to Data : map type | test.go:40:13:40:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:40:20:40:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:45:13:45:53 | type conversion | test.go:45:20:45:43 | call to GetData : basic interface type | test.go:45:13:45:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:45:20:45:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:50:13:50:43 | type conversion | test.go:50:20:50:42 | call to Header : string | test.go:50:13:50:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:50:20:50:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:55:13:55:42 | type conversion | test.go:55:20:55:41 | call to Param : string | test.go:55:13:55:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:55:20:55:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:60:13:60:45 | type conversion | test.go:60:20:60:33 | call to Params : map type | test.go:60:13:60:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:60:20:60:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:65:13:65:42 | type conversion | test.go:65:20:65:41 | call to Query : string | test.go:65:13:65:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:65:20:65:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:70:13:70:33 | type conversion | test.go:70:20:70:32 | call to Refer : string | test.go:70:13:70:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:70:20:70:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:75:13:75:35 | type conversion | test.go:75:20:75:34 | call to Referer : string | test.go:75:13:75:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:75:20:75:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:80:13:80:31 | type conversion | test.go:80:20:80:30 | call to URI : string | test.go:80:13:80:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:80:20:80:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:85:13:85:31 | type conversion | test.go:85:20:85:30 | call to URL : string | test.go:85:13:85:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:85:20:85:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:90:13:90:37 | type conversion | test.go:90:20:90:36 | call to UserAgent : string | test.go:90:13:90:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:90:20:90:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:95:14:95:45 | type assertion | test.go:95:14:95:25 | call to Data : map type | test.go:95:14:95:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:95:14:95:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:107:14:107:45 | type assertion | test.go:107:14:107:25 | call to Data : map type | test.go:107:14:107:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:107:14:107:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:119:14:119:45 | type assertion | test.go:119:14:119:25 | call to Data : map type | test.go:119:14:119:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:119:14:119:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:136:23:136:62 | type assertion | test.go:136:23:136:42 | call to Data : map type | test.go:136:23:136:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:136:23:136:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:193:14:193:55 | type conversion | test.go:192:15:192:26 | call to Data : map type | test.go:193:14:193:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:192:15:192:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:194:14:194:58 | type conversion | test.go:192:15:192:26 | call to Data : map type | test.go:194:14:194:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:192:15:192:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:196:14:196:28 | type assertion | test.go:192:15:192:26 | call to Data : map type | test.go:196:14:196:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:192:15:192:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:197:14:197:55 | type conversion | test.go:192:15:192:26 | call to Data : map type | test.go:197:14:197:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:192:15:192:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:198:14:198:59 | type conversion | test.go:192:15:192:26 | call to Data : map type | test.go:198:14:198:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:192:15:192:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:202:14:202:28 | type conversion | test.go:201:18:201:33 | selection of Form : Values | test.go:202:14:202:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:201:18:201:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:217:14:217:32 | type conversion | test.go:216:2:216:34 | ... := ...[1] : pointer type | test.go:217:14:217:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:216:2:216:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:219:14:219:20 | content | test.go:216:2:216:34 | ... := ...[0] : File | test.go:219:14:219:20 | content | Cross-site scripting vulnerability due to $@. | test.go:216:2:216:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:222:14:222:38 | type conversion | test.go:221:2:221:40 | ... := ...[0] : slice type | test.go:222:14:222:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:221:2:221:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:225:14:225:22 | type conversion | test.go:224:7:224:28 | call to GetString : string | test.go:225:14:225:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:224:7:224:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:228:14:228:26 | type conversion | test.go:227:8:227:35 | call to GetStrings : slice type | test.go:228:14:228:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:227:8:227:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:231:14:231:27 | type conversion | test.go:230:9:230:17 | call to Input : Values | test.go:231:14:231:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:230:9:230:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:235:14:235:30 | type conversion | test.go:233:6:233:8 | definition of str : myStruct | test.go:235:14:235:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:233:6:233:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:242:21:242:29 | untrusted | test.go:239:15:239:36 | call to GetString : string | test.go:242:21:242:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:239:15:239:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:252:16:252:45 | type conversion | test.go:252:23:252:44 | call to GetCookie : string | test.go:252:16:252:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:252:23:252:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:257:16:257:37 | call to GetCookie | test.go:257:16:257:37 | call to GetCookie | test.go:257:16:257:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:257:16:257:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:258:15:258:41 | call to GetCookie | test.go:258:15:258:41 | call to GetCookie | test.go:258:15:258:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:258:15:258:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:263:55:263:84 | type conversion | test.go:263:62:263:83 | call to GetCookie : string | test.go:263:55:263:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:263:62:263:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:276:21:276:61 | call to GetDisplayString | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:276:21:276:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:277:21:277:92 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:277:21:277:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:278:21:278:96 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:278:21:278:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:283:3:285:80 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:283:3:285:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:286:21:286:101 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:286:21:286:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:287:21:287:101 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:288:21:288:97 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:288:21:288:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:289:21:289:97 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:290:21:290:102 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:290:21:290:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:291:21:291:102 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:292:21:292:82 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:292:21:292:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:294:21:294:133 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:294:21:294:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:295:21:295:88 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:295:21:295:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:296:21:296:87 | selection of Filename | test.go:268:2:268:40 | ... := ...[0] : slice type | test.go:296:21:296:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:268:2:268:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:304:21:304:48 | type assertion | test.go:302:15:302:36 | call to GetString : string | test.go:304:21:304:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:302:15:302:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:305:21:305:52 | type assertion | test.go:302:15:302:36 | call to GetString : string | test.go:305:21:305:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:302:15:302:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:29:13:29:30 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:13:29:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:30:13:30:27 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:30:13:30:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:31:13:31:29 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:13:31:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:36:13:36:43 | type conversion | test.go:36:20:36:42 | call to Cookie : string | test.go:36:13:36:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:36:20:36:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:41:13:41:52 | type conversion | test.go:41:20:41:31 | call to Data : map type | test.go:41:13:41:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:41:20:41:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:46:13:46:53 | type conversion | test.go:46:20:46:43 | call to GetData : basic interface type | test.go:46:13:46:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:46:20:46:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:51:13:51:43 | type conversion | test.go:51:20:51:42 | call to Header : string | test.go:51:13:51:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:51:20:51:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:56:13:56:42 | type conversion | test.go:56:20:56:41 | call to Param : string | test.go:56:13:56:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:56:20:56:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:61:13:61:45 | type conversion | test.go:61:20:61:33 | call to Params : map type | test.go:61:13:61:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:61:20:61:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:66:13:66:42 | type conversion | test.go:66:20:66:41 | call to Query : string | test.go:66:13:66:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:66:20:66:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:71:13:71:33 | type conversion | test.go:71:20:71:32 | call to Refer : string | test.go:71:13:71:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:71:20:71:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:76:13:76:35 | type conversion | test.go:76:20:76:34 | call to Referer : string | test.go:76:13:76:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:76:20:76:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:81:13:81:31 | type conversion | test.go:81:20:81:30 | call to URI : string | test.go:81:13:81:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:81:20:81:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:86:13:86:31 | type conversion | test.go:86:20:86:30 | call to URL : string | test.go:86:13:86:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:86:20:86:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:91:13:91:37 | type conversion | test.go:91:20:91:36 | call to UserAgent : string | test.go:91:13:91:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:91:20:91:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:96:14:96:45 | type assertion | test.go:96:14:96:25 | call to Data : map type | test.go:96:14:96:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:96:14:96:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:108:14:108:45 | type assertion | test.go:108:14:108:25 | call to Data : map type | test.go:108:14:108:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:108:14:108:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:120:14:120:45 | type assertion | test.go:120:14:120:25 | call to Data : map type | test.go:120:14:120:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:120:14:120:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:137:23:137:62 | type assertion | test.go:137:23:137:42 | call to Data : map type | test.go:137:23:137:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:137:23:137:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:194:14:194:55 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:194:14:194:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:195:14:195:58 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:195:14:195:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:197:14:197:28 | type assertion | test.go:193:15:193:26 | call to Data : map type | test.go:197:14:197:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:198:14:198:55 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:198:14:198:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:199:14:199:59 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:199:14:199:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:203:14:203:28 | type conversion | test.go:202:18:202:33 | selection of Form : Values | test.go:203:14:203:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:202:18:202:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:218:14:218:32 | type conversion | test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:14:218:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:220:14:220:20 | content | test.go:217:2:217:34 | ... := ...[0] : File | test.go:220:14:220:20 | content | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:223:14:223:38 | type conversion | test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:14:223:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:222:2:222:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:226:14:226:22 | type conversion | test.go:225:7:225:28 | call to GetString : string | test.go:226:14:226:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:225:7:225:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:229:14:229:26 | type conversion | test.go:228:8:228:35 | call to GetStrings : slice type | test.go:229:14:229:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:8:228:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:232:14:232:27 | type conversion | test.go:231:9:231:17 | call to Input : Values | test.go:232:14:232:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:9:231:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:236:14:236:30 | type conversion | test.go:234:6:234:8 | definition of str : myStruct | test.go:236:14:236:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:6:234:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:243:21:243:29 | untrusted | test.go:240:15:240:36 | call to GetString : string | test.go:243:21:243:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:240:15:240:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:253:16:253:45 | type conversion | test.go:253:23:253:44 | call to GetCookie : string | test.go:253:16:253:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:253:23:253:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:258:16:258:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:259:15:259:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:264:55:264:84 | type conversion | test.go:264:62:264:83 | call to GetCookie : string | test.go:264:55:264:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:264:62:264:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:277:21:277:61 | call to GetDisplayString | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:21:277:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:278:21:278:92 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:279:21:279:96 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:284:3:286:80 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:287:21:287:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:288:21:288:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:289:21:289:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:290:21:290:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:291:21:291:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:292:21:292:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:293:21:293:82 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:295:21:295:133 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:296:21:296:88 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:297:21:297:87 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:305:21:305:48 | type assertion | test.go:303:15:303:36 | call to GetString : string | test.go:305:21:305:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:306:21:306:52 | type assertion | test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 76fec9f68d4..116d5d44a6d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -1,14 +1,18 @@ edges -| test.go:208:15:208:26 | call to Data : map type | test.go:209:18:209:26 | untrusted | -| test.go:208:15:208:26 | call to Data : map type | test.go:210:10:210:18 | untrusted | -| test.go:208:15:208:26 | call to Data : map type | test.go:211:35:211:43 | untrusted | +| test.go:209:15:209:26 | call to Data : map type | test.go:210:18:210:26 | untrusted | +| test.go:209:15:209:26 | call to Data : map type | test.go:211:10:211:18 | untrusted | +| test.go:209:15:209:26 | call to Data : map type | test.go:212:35:212:43 | untrusted | +| test.go:318:17:318:37 | selection of RequestBody : slice type | test.go:320:35:320:43 | untrusted | nodes -| test.go:208:15:208:26 | call to Data : map type | semmle.label | call to Data : map type | -| test.go:209:18:209:26 | untrusted | semmle.label | untrusted | -| test.go:210:10:210:18 | untrusted | semmle.label | untrusted | -| test.go:211:35:211:43 | untrusted | semmle.label | untrusted | +| test.go:209:15:209:26 | call to Data : map type | semmle.label | call to Data : map type | +| test.go:210:18:210:26 | untrusted | semmle.label | untrusted | +| test.go:211:10:211:18 | untrusted | semmle.label | untrusted | +| test.go:212:35:212:43 | untrusted | semmle.label | untrusted | +| test.go:318:17:318:37 | selection of RequestBody : slice type | semmle.label | selection of RequestBody : slice type | +| test.go:320:35:320:43 | untrusted | semmle.label | untrusted | subpaths #select -| test.go:209:18:209:26 | untrusted | test.go:208:15:208:26 | call to Data : map type | test.go:209:18:209:26 | untrusted | This path depends on a $@. | test.go:208:15:208:26 | call to Data | user-provided value | -| test.go:210:10:210:18 | untrusted | test.go:208:15:208:26 | call to Data : map type | test.go:210:10:210:18 | untrusted | This path depends on a $@. | test.go:208:15:208:26 | call to Data | user-provided value | -| test.go:211:35:211:43 | untrusted | test.go:208:15:208:26 | call to Data : map type | test.go:211:35:211:43 | untrusted | This path depends on a $@. | test.go:208:15:208:26 | call to Data | user-provided value | +| test.go:210:18:210:26 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:210:18:210:26 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | +| test.go:211:10:211:18 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:211:10:211:18 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | +| test.go:212:35:212:43 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:212:35:212:43 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | +| test.go:320:35:320:43 | untrusted | test.go:318:17:318:37 | selection of RequestBody : slice type | test.go:320:35:320:43 | untrusted | This path depends on a $@. | test.go:318:17:318:37 | selection of RequestBody | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go index b5953d8e768..4a0d91f6146 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go @@ -1,6 +1,7 @@ package test import ( + "encoding/json" "github.com/astaxie/beego" "github.com/astaxie/beego/context" "github.com/astaxie/beego/logs" @@ -310,3 +311,11 @@ func testSafeRedirects(c *beego.Controller, ctx *context.Context) { c.Redirect(ctx.Input.URI(), 304) ctx.Redirect(304, ctx.Input.URL()) } + +// BAD: using RequestBody data as path in a file-system operation +func requestBodySourceTest(ctx *context.Context, c *beego.Controller) { + var dat map[string]interface{} + json.Unmarshal(ctx.Input.RequestBody, &dat) + untrusted := dat["filepath"].(string) + c.SaveToFile("someReceviedFile", untrusted) +} diff --git a/go/ql/test/query-tests/InconsistentCode/WrappedErrorAlwaysNil/WrappedErrorAlwaysNil.expected b/go/ql/test/query-tests/InconsistentCode/WrappedErrorAlwaysNil/WrappedErrorAlwaysNil.expected index 4ac2411d7ca..43853d29664 100644 --- a/go/ql/test/query-tests/InconsistentCode/WrappedErrorAlwaysNil/WrappedErrorAlwaysNil.expected +++ b/go/ql/test/query-tests/InconsistentCode/WrappedErrorAlwaysNil/WrappedErrorAlwaysNil.expected @@ -1,4 +1,4 @@ -| WrappedErrorAlwaysNil.go:31:22:31:24 | err | The first argument to 'errors.Wrap' is always nil | -| WrappedErrorAlwaysNil.go:41:14:41:16 | nil | The first argument to 'errors.Wrap' is always nil | -| WrappedErrorAlwaysNil.go:45:14:45:16 | err | The first argument to 'errors.Wrap' is always nil | -| WrappedErrorAlwaysNil.go:49:14:49:21 | localErr | The first argument to 'errors.Wrap' is always nil | +| WrappedErrorAlwaysNil.go:31:22:31:24 | err | The first argument to 'errors.Wrap' is always nil. | +| WrappedErrorAlwaysNil.go:41:14:41:16 | nil | The first argument to 'errors.Wrap' is always nil. | +| WrappedErrorAlwaysNil.go:45:14:45:16 | err | The first argument to 'errors.Wrap' is always nil. | +| WrappedErrorAlwaysNil.go:49:14:49:21 | localErr | The first argument to 'errors.Wrap' is always nil. | diff --git a/go/ql/test/query-tests/Security/CWE-020/SuspiciousCharacterInRegexp/SuspiciousCharacterInRegexp.expected b/go/ql/test/query-tests/Security/CWE-020/SuspiciousCharacterInRegexp/SuspiciousCharacterInRegexp.expected index 130894d0639..cea5780a6c5 100644 --- a/go/ql/test/query-tests/Security/CWE-020/SuspiciousCharacterInRegexp/SuspiciousCharacterInRegexp.expected +++ b/go/ql/test/query-tests/Security/CWE-020/SuspiciousCharacterInRegexp/SuspiciousCharacterInRegexp.expected @@ -13,14 +13,14 @@ nodes | test.go:23:21:23:36 | "hello\\\\\\bworld" | semmle.label | "hello\\\\\\bworld" | subpaths #select -| SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | $@ that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | A string literal | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | used as a regular expression | -| test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:7:21:7:24 | "\\a" | A string literal | test.go:7:21:7:24 | "\\a" | used as a regular expression | -| test.go:9:21:9:26 | "\\\\\\a" | test.go:9:21:9:26 | "\\\\\\a" | test.go:9:21:9:26 | "\\\\\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:9:21:9:26 | "\\\\\\a" | A string literal | test.go:9:21:9:26 | "\\\\\\a" | used as a regular expression | -| test.go:10:21:10:27 | "x\\\\\\a" | test.go:10:21:10:27 | "x\\\\\\a" | test.go:10:21:10:27 | "x\\\\\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:10:21:10:27 | "x\\\\\\a" | A string literal | test.go:10:21:10:27 | "x\\\\\\a" | used as a regular expression | -| test.go:12:21:12:28 | "\\\\\\\\\\a" | test.go:12:21:12:28 | "\\\\\\\\\\a" | test.go:12:21:12:28 | "\\\\\\\\\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:12:21:12:28 | "\\\\\\\\\\a" | A string literal | test.go:12:21:12:28 | "\\\\\\\\\\a" | used as a regular expression | -| test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | A string literal | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | used as a regular expression | -| test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | A string literal | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | used as a regular expression | -| test.go:20:21:20:34 | "hello\\aworld" | test.go:20:21:20:34 | "hello\\aworld" | test.go:20:21:20:34 | "hello\\aworld" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:20:21:20:34 | "hello\\aworld" | A string literal | test.go:20:21:20:34 | "hello\\aworld" | used as a regular expression | -| test.go:21:21:21:36 | "hello\\\\\\aworld" | test.go:21:21:21:36 | "hello\\\\\\aworld" | test.go:21:21:21:36 | "hello\\\\\\aworld" | $@ that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:21:21:21:36 | "hello\\\\\\aworld" | A string literal | test.go:21:21:21:36 | "hello\\\\\\aworld" | used as a regular expression | -| test.go:22:21:22:34 | "hello\\bworld" | test.go:22:21:22:34 | "hello\\bworld" | test.go:22:21:22:34 | "hello\\bworld" | $@ that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | test.go:22:21:22:34 | "hello\\bworld" | A string literal | test.go:22:21:22:34 | "hello\\bworld" | used as a regular expression | -| test.go:23:21:23:36 | "hello\\\\\\bworld" | test.go:23:21:23:36 | "hello\\\\\\bworld" | test.go:23:21:23:36 | "hello\\\\\\bworld" | $@ that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | test.go:23:21:23:36 | "hello\\\\\\bworld" | A string literal | test.go:23:21:23:36 | "hello\\\\\\bworld" | used as a regular expression | +| SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | This string literal that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | used as a regular expression | +| test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:7:21:7:24 | "\\a" | used as a regular expression | +| test.go:9:21:9:26 | "\\\\\\a" | test.go:9:21:9:26 | "\\\\\\a" | test.go:9:21:9:26 | "\\\\\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:9:21:9:26 | "\\\\\\a" | used as a regular expression | +| test.go:10:21:10:27 | "x\\\\\\a" | test.go:10:21:10:27 | "x\\\\\\a" | test.go:10:21:10:27 | "x\\\\\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:10:21:10:27 | "x\\\\\\a" | used as a regular expression | +| test.go:12:21:12:28 | "\\\\\\\\\\a" | test.go:12:21:12:28 | "\\\\\\\\\\a" | test.go:12:21:12:28 | "\\\\\\\\\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:12:21:12:28 | "\\\\\\\\\\a" | used as a regular expression | +| test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:14:21:14:30 | "\\\\\\\\\\\\\\a" | used as a regular expression | +| test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:16:21:16:32 | "\\\\\\\\\\\\\\\\\\a" | used as a regular expression | +| test.go:20:21:20:34 | "hello\\aworld" | test.go:20:21:20:34 | "hello\\aworld" | test.go:20:21:20:34 | "hello\\aworld" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:20:21:20:34 | "hello\\aworld" | used as a regular expression | +| test.go:21:21:21:36 | "hello\\\\\\aworld" | test.go:21:21:21:36 | "hello\\\\\\aworld" | test.go:21:21:21:36 | "hello\\\\\\aworld" | This string literal that is $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:21:21:21:36 | "hello\\\\\\aworld" | used as a regular expression | +| test.go:22:21:22:34 | "hello\\bworld" | test.go:22:21:22:34 | "hello\\bworld" | test.go:22:21:22:34 | "hello\\bworld" | This string literal that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | test.go:22:21:22:34 | "hello\\bworld" | used as a regular expression | +| test.go:23:21:23:36 | "hello\\\\\\bworld" | test.go:23:21:23:36 | "hello\\\\\\bworld" | test.go:23:21:23:36 | "hello\\\\\\bworld" | This string literal that is $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | test.go:23:21:23:36 | "hello\\\\\\bworld" | used as a regular expression | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index be68561ca27..2ba310c6ee1 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -20,8 +20,8 @@ nodes | sample.go:47:17:47:39 | call to Intn | semmle.label | call to Intn | subpaths #select -| InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | $@ generated with a cryptographically weak RNG is used in $@. | InsecureRandomness.go:12:18:12:40 | call to Intn | A random number | InsecureRandomness.go:12:18:12:40 | call to Intn | a password-related function | -| sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 : uint32 | sample.go:26:25:26:30 | call to Guid | $@ generated with a cryptographically weak RNG is used in $@. | sample.go:15:49:15:61 | call to Uint32 | A random number | sample.go:26:25:26:30 | call to Guid | this cryptographic algorithm | -| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:25:37:29 | nonce | $@ generated with a cryptographically weak RNG is used in $@. | sample.go:34:12:34:40 | call to New | A random number | sample.go:37:25:37:29 | nonce | this cryptographic algorithm | -| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:32:37:36 | nonce | $@ generated with a cryptographically weak RNG is used in $@. | sample.go:34:12:34:40 | call to New | A random number | sample.go:37:32:37:36 | nonce | this cryptographic algorithm | -| sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | $@ generated with a cryptographically weak RNG is used in $@. | sample.go:43:17:43:39 | call to Intn | A random number | sample.go:43:17:43:39 | call to Intn | a password-related function | +| InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | InsecureRandomness.go:12:18:12:40 | call to Intn | random number | +| sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 : uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number | +| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:25:37:29 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | +| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:32:37:36 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | +| sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | sample.go:43:17:43:39 | call to Intn | random number | diff --git a/go/ql/test/query-tests/Security/CWE-918/websocket.go b/go/ql/test/query-tests/Security/CWE-918/websocket.go index db613fe5fa5..328200770ae 100644 --- a/go/ql/test/query-tests/Security/CWE-918/websocket.go +++ b/go/ql/test/query-tests/Security/CWE-918/websocket.go @@ -96,7 +96,7 @@ func test() { http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { untrustedInput := r.Referer() - // good as input is tested againt regex + // good as input is tested against regex if m, _ := regexp.MatchString("ws://localhost:12345/*", untrustedInput); m { nhooyr.Dial(context.TODO(), untrustedInput, nil) } diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 425da54f994..189dbab6b94 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -36,10 +36,10 @@ jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,, jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55 java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -java.io,37,,39,,15,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,39, +java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40, java.lang,13,,66,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,,54,12 java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,3,7, -java.nio,15,,11,,13,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,11, +java.nio,15,,14,,13,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,14, java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,, java.util,44,,461,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425 javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 4c4e0c96d86..1c6e7136efc 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -15,9 +15,9 @@ Java framework & library support `Apache HttpComponents `_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25 `Google Guava `_,``com.google.common.*``,,728,39,,6,,,,, `JSON-java `_,``org.json``,,236,,,,,,,, - Java Standard Library,``java.*``,3,585,130,28,,,7,,,10 + Java Standard Library,``java.*``,3,589,130,28,,,7,,,10 Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2 `Spring `_,``org.springframework.*``,29,477,101,,,,19,14,,29 Others,"``androidx.core.app``, ``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,2326,972,10,,,14,18,,5 - Totals,,217,8428,1524,129,6,10,107,33,1,86 + Totals,,217,8432,1524,129,6,10,107,33,1,86 diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql new file mode 100644 index 00000000000..0d1c2f3514b --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql @@ -0,0 +1,19 @@ +class Modifier extends @modifier { + string toString() { none() } +} + +class TypeVariable extends @typevariable { + string toString() { none() } +} + +class Modified extends @modifiable { + Modified() { hasModifier(this, _) } + + string toString() { none() } +} + +from Modified m1, Modifier m2 +where + hasModifier(m1, m2) and + not m1 instanceof TypeVariable +select m1, m2 diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql new file mode 100644 index 00000000000..baa997f7fd8 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql @@ -0,0 +1,11 @@ +class Modifier extends @modifier { + string toString() { none() } + + string getName() { modifiers(this, result) } +} + +from Modifier m, string s +where + s = m.getName() and + not s in ["in", "out", "reified"] +select m, m.getName() diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme new file mode 100644 index 00000000000..709f1d1fd04 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar | @typevariable; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme new file mode 100644 index 00000000000..ecb42310286 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar ; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties new file mode 100644 index 00000000000..0a7ee2789f5 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties @@ -0,0 +1,4 @@ +description: Remove type parameters from modifiable entities +compatibility: backwards +hasModifier.rel: run hasModifier.qlo +modifiers.rel: run modifiers.qlo diff --git a/java/kotlin-extractor/build.py b/java/kotlin-extractor/build.py index a4da1a2ea23..9525522869b 100755 --- a/java/kotlin-extractor/build.py +++ b/java/kotlin-extractor/build.py @@ -25,6 +25,8 @@ def parse_args(): dest='many', help='Build for a single version/kind') parser.add_argument('--single-version', help='Build for a specific version/kind') + parser.add_argument('--single-version-embeddable', action='store_true', + help='When building a single version, build an embeddable extractor (default is standalone)') return parser.parse_args() @@ -235,7 +237,13 @@ def compile_standalone(version): if args.single_version: - compile_standalone(args.single_version) + if args.single_version_embeddable == True: + compile_embeddable(args.single_version) + else: + compile_standalone(args.single_version) +elif args.single_version_embeddable == True: + print("--single-version-embeddable requires --single-version", file=sys.stderr) + sys.exit(1) elif args.many: for version in kotlin_plugin_versions.many_versions: compile_standalone(version) diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java index a8cf0cb7b05..b7b11912325 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java @@ -4,11 +4,16 @@ import java.lang.reflect.*; import java.io.File; import java.io.IOException; import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; import java.util.Enumeration; import java.util.HashMap; import java.util.LinkedHashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.zip.ZipEntry; import java.util.zip.ZipFile; @@ -29,6 +34,7 @@ import org.jetbrains.org.objectweb.asm.Opcodes; import com.semmle.util.concurrent.LockDirectory; import com.semmle.util.concurrent.LockDirectory.LockingMode; +import com.semmle.util.data.Pair; import com.semmle.util.exception.CatastrophicError; import com.semmle.util.exception.NestedError; import com.semmle.util.exception.ResourceError; @@ -43,6 +49,9 @@ import com.semmle.util.trap.dependencies.TrapSet; import com.semmle.util.trap.pathtransformers.PathTransformer; public class OdasaOutput { + // By default we use lockless TRAP writing, but this can be set + // if we want to use the old TRAP locking for any reason. + private final boolean use_trap_locking = Env.systemEnv().getBoolean("CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING", false); // either these are set ... private final File trapFolder; @@ -260,22 +269,59 @@ public class OdasaOutput { * Any unique suffix needed to distinguish `sym` from other declarations with the same name. * For functions for example, this means its parameter signature. */ - private TrapFileManager getMembersWriterForDecl(File trap, IrDeclaration sym, String signature) { - TrapClassVersion currVersion = TrapClassVersion.fromSymbol(sym, log); - String shortName = sym instanceof IrDeclarationWithName ? ((IrDeclarationWithName)sym).getName().asString() : "(name unknown)"; - if (trap.exists()) { - // Only re-write an existing trap file if we encountered a newer version of the same class. - TrapClassVersion trapVersion = readVersionInfo(trap); - if (!currVersion.isValid()) { - log.warn("Not rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); - } else if (currVersion.newerThan(trapVersion)) { - log.trace("Rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); - deleteTrapFileAndDependencies(sym, signature); + private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion, IrDeclaration sym, String signature) { + if (use_trap_locking) { + TrapClassVersion currVersion = TrapClassVersion.fromSymbol(sym, log); + String shortName = sym instanceof IrDeclarationWithName ? ((IrDeclarationWithName)sym).getName().asString() : "(name unknown)"; + if (trap.exists()) { + // Only re-write an existing trap file if we encountered a newer version of the same class. + TrapClassVersion trapVersion = readVersionInfo(trap); + if (!currVersion.isValid()) { + log.warn("Not rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); + } else if (currVersion.newerThan(trapVersion)) { + log.trace("Rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); + deleteTrapFileAndDependencies(sym, signature); + } else { + return null; + } } else { - return null; + log.trace("Writing trap file for: " + shortName + " " + currVersion + " " + trap); } } else { - log.trace("Writing trap file for: " + shortName + " " + currVersion + " " + trap); + // If the TRAP file already exists then we + // don't need to write it. + if (trap.exists()) { + log.warn("Not rewriting trap file for " + trap.toString() + " as it exists"); + return null; + } + // If the TRAP file was written in the past, and + // then renamed to its trap-old name, then we + // don't need to rewrite it only to rename it + // again. + File trapFileDir = trap.getParentFile(); + File trapOld = new File(trapFileDir, trap.getName().replace(".trap.gz", ".trap-old.gz")); + if (trapOld.exists()) { + log.warn("Not rewriting trap file for " + trap.toString() + " as the trap-old exists"); + return null; + } + // Otherwise, if any newer TRAP file has already + // been written then we don't need to write + // anything. + if (trapFileBase != null && trapFileVersion != null && trapFileDir.exists()) { + String trapFileBaseName = trapFileBase.getName(); + + for (File f: FileUtil.list(trapFileDir)) { + String name = f.getName(); + Matcher m = selectClassVersionComponents.matcher(name); + if (m.matches() && m.group(1).equals(trapFileBaseName)) { + TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5)); + if (v.newerThan(trapFileVersion)) { + log.warn("Not rewriting trap file for " + trap.toString() + " as " + f.toString() + " exists"); + return null; + } + } + } + } } return trapWriter(trap, sym, signature); } @@ -328,19 +374,24 @@ public class OdasaOutput { } writeTrapDependencies(trapDependenciesForClass); - // Record major/minor version information for extracted class files. - // This is subsequently used to determine whether to re-extract (a newer version of) the same class. - File metadataFile = new File(trapFile.getAbsolutePath().replace(".trap.gz", ".metadata")); - try { - Map versionMap = new LinkedHashMap<>(); - TrapClassVersion tcv = TrapClassVersion.fromSymbol(sym, log); - versionMap.put(MAJOR_VERSION, String.valueOf(tcv.getMajorVersion())); - versionMap.put(MINOR_VERSION, String.valueOf(tcv.getMinorVersion())); - versionMap.put(LAST_MODIFIED, String.valueOf(tcv.getLastModified())); - versionMap.put(EXTRACTOR_NAME, tcv.getExtractorName()); - FileUtil.writePropertiesCSV(metadataFile, versionMap); - } catch (IOException e) { - log.warn("Could not save trap metadata file: " + metadataFile.getAbsolutePath(), e); + + // If we are using TRAP locking then we + // need to write a metadata file. + if (use_trap_locking) { + // Record major/minor version information for extracted class files. + // This is subsequently used to determine whether to re-extract (a newer version of) the same class. + File metadataFile = new File(trapFile.getAbsolutePath().replace(".trap.gz", ".metadata")); + try { + Map versionMap = new LinkedHashMap<>(); + TrapClassVersion tcv = TrapClassVersion.fromSymbol(sym, log); + versionMap.put(MAJOR_VERSION, String.valueOf(tcv.getMajorVersion())); + versionMap.put(MINOR_VERSION, String.valueOf(tcv.getMinorVersion())); + versionMap.put(LAST_MODIFIED, String.valueOf(tcv.getLastModified())); + versionMap.put(EXTRACTOR_NAME, tcv.getExtractorName()); + FileUtil.writePropertiesCSV(metadataFile, versionMap); + } catch (IOException e) { + log.warn("Could not save trap metadata file: " + metadataFile.getAbsolutePath(), e); + } } } private void writeTrapDependencies(TrapDependencies trapDependencies) { @@ -358,6 +409,8 @@ public class OdasaOutput { * Trap file locking. */ + private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap\\.gz"); + /** * CAUTION: to avoid the potential for deadlock between multiple concurrent extractor processes, * only one source file {@link TrapLocker} may be open at any time, and the lock must be obtained @@ -414,6 +467,10 @@ public class OdasaOutput { public class TrapLocker implements AutoCloseable { private final IrDeclaration sym; private final File trapFile; + // trapFileBase is used when doing lockless TRAP file writing. + // It is trapFile without the #metadata.trap.gz suffix. + private File trapFileBase = null; + private TrapClassVersion trapFileVersion = null; private final String signature; private TrapLocker(IrDeclaration decl, String signature) { this.sym = decl; @@ -422,7 +479,20 @@ public class OdasaOutput { log.error("Null symbol passed for Kotlin TRAP locker"); trapFile = null; } else { - trapFile = getTrapFileForDecl(sym, signature); + File normalTrapFile = getTrapFileForDecl(sym, signature); + if (use_trap_locking) { + trapFile = normalTrapFile; + } else { + // We encode the metadata into the filename, so that the + // TRAP filenames for different metadatas don't overlap. + trapFileVersion = TrapClassVersion.fromSymbol(sym, log); + String baseName = normalTrapFile.getName().replace(".trap.gz", ""); + // If a class has lots of inner classes, then we get lots of files + // in a single directory. This makes our directory listings later slow. + // To avoid this, rather than using files named .../Foo*, we use .../Foo/Foo*. + trapFileBase = new File(new File(normalTrapFile.getParentFile(), baseName), baseName); + trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap.gz"); + } } } private TrapLocker(File jarFile) { @@ -437,20 +507,83 @@ public class OdasaOutput { } public TrapFileManager getTrapFileManager() { if (trapFile!=null) { - lockTrapFile(trapFile); - return getMembersWriterForDecl(trapFile, sym, signature); + if (use_trap_locking) { + lockTrapFile(trapFile); + } + return getMembersWriterForDecl(trapFile, trapFileBase, trapFileVersion, sym, signature); } else { return null; } } + @Override public void close() { if (trapFile!=null) { try { - unlockTrapFile(trapFile); + if (use_trap_locking) { + unlockTrapFile(trapFile); + } } catch (NestedError e) { log.warn("Error unlocking trap file " + trapFile.getAbsolutePath(), e); } + + // If we are writing TRAP file locklessly, then now that we + // have finished writing our TRAP file, we want to rename + // and TRAP file that matches our trapFileBase but doesn't + // have the latest metadata. + // Renaming it to trap-old means that it won't be imported, + // but we can still use its presence to avoid future + // invocations rewriting it, and it means that the information + // is in the TRAP directory if we need it for debugging. + if (!use_trap_locking && sym != null) { + File trapFileDir = trapFileBase.getParentFile(); + String trapFileBaseName = trapFileBase.getName(); + + List> pairs = new LinkedList>(); + for (File f: FileUtil.list(trapFileDir)) { + String name = f.getName(); + Matcher m = selectClassVersionComponents.matcher(name); + if (m.matches()) { + if (m.group(1).equals(trapFileBaseName)) { + TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5)); + pairs.add(new Pair(f, v)); + } else { + // Everything in this directory should be for the same TRAP file base + log.error("Unexpected sibling " + m.group(1) + " when extracting " + trapFileBaseName); + } + } + } + if (pairs.isEmpty()) { + log.error("Wrote TRAP file, but no TRAP files exist for " + trapFile.getAbsolutePath()); + } else { + Comparator> comparator = new Comparator>() { + @Override + public int compare(Pair p1, Pair p2) { + TrapClassVersion v1 = p1.snd(); + TrapClassVersion v2 = p2.snd(); + if (v1.equals(v2)) { + return 0; + } else if (v1.newerThan(v2)) { + return 1; + } else { + return -1; + } + } + }; + TrapClassVersion latestVersion = Collections.max(pairs, comparator).snd(); + + for (Pair p: pairs) { + if (!latestVersion.equals(p.snd())) { + File f = p.fst(); + File fOld = new File(f.getParentFile(), f.getName().replace(".trap.gz", ".trap-old.gz")); + // We aren't interested in whether or not this succeeds; + // it may fail because a concurrent extractor has already + // renamed it. + f.renameTo(fOld); + } + } + } + } } } @@ -505,13 +638,24 @@ public class OdasaOutput { this.lastModified = lastModified; this.extractorName = extractorName; } + + @Override + public boolean equals(Object obj) { + if (obj instanceof TrapClassVersion) { + TrapClassVersion other = (TrapClassVersion)obj; + return majorVersion == other.majorVersion && minorVersion == other.minorVersion && lastModified == other.lastModified && extractorName.equals(other.extractorName); + } else { + return false; + } + } + private boolean newerThan(TrapClassVersion tcv) { // Classes being compiled from source have major version 0 but should take precedence // over any classes with the same qualified name loaded from the classpath // in previous or subsequent extractor invocations. - if (tcv.majorVersion==0) + if (tcv.majorVersion == 0 && majorVersion != 0) return false; - else if (majorVersion==0) + else if (majorVersion == 0 && tcv.majorVersion != 0) return true; // Always consider the Kotlin extractor superior to the Java extractor, because we may decode and extract // Kotlin metadata that the Java extractor can't understand: diff --git a/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java b/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java index a8008ca6299..47bbb1d2029 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java @@ -123,7 +123,7 @@ public class ExpansionEnvironment { } /** - * This the old default constructor, which always enables command substutitions. + * This the old default constructor, which always enables command substitutions. * Doing so is a security risk whenever the string you expand may come * from an untrusted source, so you should only do that when you explicitly want * to do it and have decided that it is safe. (And then use the constructor that diff --git a/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java b/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java index 6c3e754310e..81a9f46a71f 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java @@ -1033,11 +1033,11 @@ public class FileUtil } /** - * Santize path string To handle windows drive letters and cross-platform builds. + * Sanitize path string To handle windows drive letters and cross-platform builds. * @param pathString to be sanitized * @return sanitized path string */ - private static String santizePathString(String pathString) { + private static String sanitizePathString(String pathString) { // Replace ':' by '_', as the extractor does - to handle Windows drive letters pathString = pathString.replace(':', '_'); @@ -1059,7 +1059,7 @@ public class FileUtil */ public static File appendAbsolutePath (File root, String absolutePath) { - absolutePath = santizePathString(absolutePath); + absolutePath = sanitizePathString(absolutePath); return new File(root, absolutePath).getAbsoluteFile(); } @@ -1075,7 +1075,7 @@ public class FileUtil */ public static Path appendAbsolutePath(Path root, String absolutePathString){ - absolutePathString = santizePathString(absolutePathString); + absolutePathString = sanitizePathString(absolutePathString); Path path = Paths.get(absolutePathString); diff --git a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt index b1b2823b6b5..9a99b05f775 100644 --- a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt @@ -84,7 +84,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri // file information if needed: val ftw = tw.makeFileTrapWriter(binaryPath, irDecl is IrClass) - val fileExtractor = KotlinFileExtractor(logger, ftw, binaryPath, manager, this, primitiveTypeMapping, pluginContext, globalExtensionState) + val fileExtractor = KotlinFileExtractor(logger, ftw, null, binaryPath, manager, this, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) if (irDecl is IrClass) { // Populate a location and compilation-unit package for the file. This is similar to diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt index 3b58400eca5..a31bfee0b4f 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt @@ -74,7 +74,7 @@ class KotlinExtractorExtension( // First, if we can find our log directory, then let's try // making a log file there: val extractorLogDir = System.getenv("CODEQL_EXTRACTOR_JAVA_LOG_DIR") - if (extractorLogDir != null || extractorLogDir != "") { + if (extractorLogDir != null && extractorLogDir != "") { // We use a slightly different filename pattern compared // to normal logs. Just the existence of a `-top` log is // a sign that something's gone very wrong. @@ -296,7 +296,9 @@ private fun doFile( context.clear() } - val dbSrcFilePath = Paths.get("$dbSrcDir/$srcFilePath") + val srcFileRelativePath = srcFilePath.replace(':', '_') + + val dbSrcFilePath = Paths.get("$dbSrcDir/$srcFileRelativePath") val dbSrcDirPath = dbSrcFilePath.parent Files.createDirectories(dbSrcDirPath) val srcTmpFile = File.createTempFile(dbSrcFilePath.fileName.toString() + ".", ".src.tmp", dbSrcDirPath.toFile()) @@ -305,7 +307,7 @@ private fun doFile( } srcTmpFile.renameTo(dbSrcFilePath.toFile()) - val trapFileName = "$dbTrapDir/$srcFilePath.trap" + val trapFileName = "$dbTrapDir/$srcFileRelativePath.trap" val trapFileWriter = getTrapFileWriter(compression, logger, trapFileName) if (checkTrapIdentical || !trapFileWriter.exists()) { @@ -322,7 +324,8 @@ private fun doFile( // file information val sftw = tw.makeSourceFileTrapWriter(srcFile, true) val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter) - val fileExtractor = KotlinFileExtractor(logger, sftw, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, globalExtensionState) + val linesOfCode = LinesOfCode(logger, sftw, srcFile) + val fileExtractor = KotlinFileExtractor(logger, sftw, linesOfCode, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) fileExtractor.extractFileContents(srcFile, sftw.fileId) externalDeclExtractor.extractExternalClasses() @@ -397,7 +400,7 @@ private abstract class TrapFileWriter(val logger: FileLogger, trapName: String, fun getTempWriter(): BufferedWriter { if (this::tempFile.isInitialized) { - logger.error("Temp writer reinitiailised for $realFile") + logger.error("Temp writer reinitialized for $realFile") } tempFile = File.createTempFile(realFile.getName() + ".", ".trap.tmp" + extension, parentDir) return getWriter(tempFile) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt index f023368d3e0..5741aab36d1 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt @@ -17,6 +17,7 @@ import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI import org.jetbrains.kotlin.ir.backend.js.utils.realOverrideTarget import org.jetbrains.kotlin.ir.declarations.* import org.jetbrains.kotlin.ir.expressions.* +import org.jetbrains.kotlin.ir.expressions.impl.IrConstImpl import org.jetbrains.kotlin.ir.symbols.* import org.jetbrains.kotlin.ir.types.* import org.jetbrains.kotlin.ir.util.* @@ -30,16 +31,19 @@ import org.jetbrains.kotlin.types.Variance import org.jetbrains.kotlin.util.OperatorNameConventions import java.io.Closeable import java.util.* +import kotlin.collections.ArrayList open class KotlinFileExtractor( override val logger: FileLogger, override val tw: FileTrapWriter, + val linesOfCode: LinesOfCode?, val filePath: String, dependencyCollector: OdasaOutput.TrapFileManager?, externalClassExtractor: ExternalDeclExtractor, primitiveTypeMapping: PrimitiveTypeMapping, pluginContext: IrPluginContext, - globalExtensionState: KotlinExtractorGlobalState + val declarationStack: DeclarationStack, + globalExtensionState: KotlinExtractorGlobalState, ): KotlinUsesExtractor(logger, tw, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, globalExtensionState) { private inline fun with(kind: String, element: IrElement, f: () -> T): T { @@ -88,6 +92,8 @@ open class KotlinFileExtractor( if (!declarationStack.isEmpty()) { logger.errorElement("Declaration stack is not empty after processing the file", file) } + + linesOfCode?.linesOfCodeInFile(id) } } @@ -114,11 +120,7 @@ open class KotlinFileExtractor( } private fun shouldExtractDecl(declaration: IrDeclaration, extractPrivateMembers: Boolean) = - extractPrivateMembers || - when(declaration) { - is IrDeclarationWithVisibility -> declaration.visibility.let { it != DescriptorVisibilities.PRIVATE && it != DescriptorVisibilities.PRIVATE_TO_THIS } - else -> true - } + extractPrivateMembers || !isPrivate(declaration) fun extractDeclaration(declaration: IrDeclaration, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) { with("declaration", declaration) { @@ -152,7 +154,7 @@ open class KotlinFileExtractor( is IrEnumEntry -> { val parentId = useDeclarationParent(declaration.parent, false)?.cast() if (parentId != null) { - extractEnumEntry(declaration, parentId, extractFunctionBodies) + extractEnumEntry(declaration, parentId, extractPrivateMembers, extractFunctionBodies) } Unit } @@ -200,6 +202,16 @@ open class KotlinFileExtractor( } } + if (tp.isReified) { + addModifiers(id, "reified") + } + + if (tp.variance == Variance.IN_VARIANCE) { + addModifiers(id, "in") + } else if (tp.variance == Variance.OUT_VARIANCE) { + addModifiers(id, "out") + } + return id } } @@ -228,7 +240,7 @@ open class KotlinFileExtractor( // default java visibility (top level) } JavaVisibilities.ProtectedAndPackage -> { - // default java visibility (member level) + addModifiers(id, "protected") } else -> logger.errorElement("Unexpected delegated visibility: $v", elementForLocation) } @@ -251,9 +263,23 @@ open class KotlinFileExtractor( } } + fun extractClassInstance(classLabel: Label, c: IrClass, argsIncludingOuterClasses: List?, shouldExtractOutline: Boolean, shouldExtractDetails: Boolean) { + DeclarationStackAdjuster(c).use { + if (shouldExtractOutline) { + extractClassWithoutMembers(c, argsIncludingOuterClasses) + } + + if (shouldExtractDetails) { + val supertypeMode = if (argsIncludingOuterClasses == null) ExtractSupertypesMode.Raw else ExtractSupertypesMode.Specialised(argsIncludingOuterClasses) + extractClassSupertypes(c, classLabel, supertypeMode, true) + extractNonPrivateMemberPrototypes(c, argsIncludingOuterClasses, classLabel) + } + } + } + // `argsIncludingOuterClasses` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. - fun extractClassInstance(c: IrClass, argsIncludingOuterClasses: List?): Label { + private fun extractClassWithoutMembers(c: IrClass, argsIncludingOuterClasses: List?): Label { with("class instance", c) { if (argsIncludingOuterClasses?.isEmpty() == true) { logger.error("Instance without type arguments: " + c.name.asString()) @@ -264,10 +290,9 @@ open class KotlinFileExtractor( val pkg = c.packageFqName?.asString() ?: "" val cls = classLabelResults.shortName val pkgId = extractPackage(pkg) - val kind = c.kind // TODO: There's lots of duplication between this and extractClassSource. // Can we share it? - if(kind == ClassKind.INTERFACE || kind == ClassKind.ANNOTATION_CLASS) { + if (c.isInterfaceLike) { val interfaceId = id.cast() val sourceInterfaceId = useClassSource(c).cast() tw.writeInterfaces(interfaceId, cls, pkgId, sourceInterfaceId) @@ -276,6 +301,7 @@ open class KotlinFileExtractor( val sourceClassId = useClassSource(c).cast() tw.writeClasses(classId, cls, pkgId, sourceClassId) + val kind = c.kind if (kind == ClassKind.ENUM_CLASS) { tw.writeIsEnumType(classId) } else if (kind != ClassKind.CLASS && kind != ClassKind.OBJECT) { @@ -337,23 +363,37 @@ open class KotlinFileExtractor( } } + private fun makeTypeParamSubstitution(c: IrClass, argsIncludingOuterClasses: List?) = + when (argsIncludingOuterClasses) { + null -> { x: IrType, _: TypeContext, _: IrPluginContext -> x.toRawType() } + else -> makeGenericSubstitutionFunction(c, argsIncludingOuterClasses) + } + + fun extractDeclarationPrototype(d: IrDeclaration, parentId: Label, argsIncludingOuterClasses: List?, typeParamSubstitutionQ: TypeSubstitution? = null) { + val typeParamSubstitution = typeParamSubstitutionQ ?: + when(val parent = d.parent) { + is IrClass -> makeTypeParamSubstitution(parent, argsIncludingOuterClasses) + else -> { + logger.warnElement("Unable to extract prototype of local declaration", d) + return + } + } + when (d) { + is IrFunction -> extractFunction(d, parentId, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses) + is IrProperty -> extractProperty(d, parentId, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses) + else -> {} + } + } + // `argsIncludingOuterClasses` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. - fun extractNonPrivateMemberPrototypes(c: IrClass, argsIncludingOuterClasses: List?, id: Label) { + private fun extractNonPrivateMemberPrototypes(c: IrClass, argsIncludingOuterClasses: List?, id: Label) { with("member prototypes", c) { - val typeParamSubstitution = - when (argsIncludingOuterClasses) { - null -> { x: IrType, _: TypeContext, _: IrPluginContext -> x.toRawType() } - else -> makeGenericSubstitutionFunction(c, argsIncludingOuterClasses) - } + val typeParamSubstitution = makeTypeParamSubstitution(c, argsIncludingOuterClasses) c.declarations.map { if (shouldExtractDecl(it, false)) { - when(it) { - is IrFunction -> extractFunction(it, id, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses) - is IrProperty -> extractProperty(it, id, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses) - else -> {} - } + extractDeclarationPrototype(it, id, argsIncludingOuterClasses, typeParamSubstitution) } } } @@ -386,9 +426,7 @@ open class KotlinFileExtractor( addModifiers(obinitId, "private") // add body: - val blockId = tw.getFreshIdLabel() - tw.writeStmts_block(blockId, obinitId, 0, obinitId) - tw.writeHasLocation(blockId, locId) + val blockId = extractBlockBody(obinitId, locId) extractDeclInitializers(c.declarations, false) { Pair(blockId, obinitId) } } @@ -403,14 +441,14 @@ open class KotlinFileExtractor( val pkg = c.packageFqName?.asString() ?: "" val cls = if (c.isAnonymousObject) "" else c.name.asString() val pkgId = extractPackage(pkg) - val kind = c.kind - if (kind == ClassKind.INTERFACE || kind == ClassKind.ANNOTATION_CLASS) { + if (c.isInterfaceLike) { val interfaceId = id.cast() tw.writeInterfaces(interfaceId, cls, pkgId, interfaceId) } else { val classId = id.cast() tw.writeClasses(classId, cls, pkgId, classId) + val kind = c.kind if (kind == ClassKind.ENUM_CLASS) { tw.writeIsEnumType(classId) } else if (kind != ClassKind.CLASS && kind != ClassKind.OBJECT) { @@ -457,6 +495,8 @@ open class KotlinFileExtractor( extractClassModifiers(c, id) extractClassSupertypes(c, id, inReceiverContext = true) // inReceiverContext = true is specified to force extraction of member prototypes of base types + linesOfCode?.linesOfCodeInDeclaration(c, id) + return id } } @@ -475,7 +515,7 @@ open class KotlinFileExtractor( val proxyFunctionId = tw.getLabelFor(getFunctionLabel(f, classId, listOf())) // We extract the function prototype with its ID overridden to belong to `c` not the companion object, // but suppress outputting the body, which we will replace with a delegating call below. - forceExtractFunction(f, classId, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf(), idOverride = proxyFunctionId, locOverride = null, extractOrigin = false) + forceExtractFunction(f, classId, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf(), extractOrigin = false, OverriddenFunctionAttributes(id = proxyFunctionId)) addModifiers(proxyFunctionId, "static") tw.writeCompiler_generated(proxyFunctionId, CompilerGeneratedKinds.JVMSTATIC_PROXY_METHOD.kind) if (extractFunctionBodies) { @@ -514,8 +554,12 @@ open class KotlinFileExtractor( val wholeDeclAnnotated = it.hasAnnotation(jvmStaticFqName) when(it) { is IrFunction -> { - if (wholeDeclAnnotated) + if (wholeDeclAnnotated) { makeProxyFunction(it) + if (it.hasAnnotation(jvmOverloadsFqName)) { + extractGeneratedOverloads(it, classId, classId, extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf()) + } + } } is IrProperty -> { it.getter?.let { getter -> @@ -549,12 +593,7 @@ open class KotlinFileExtractor( var parent: IrDeclarationParent? = declarationParent while (parent != null) { if (parent is IrClass) { - val parentId = - if (parent.isAnonymousObject) { - useAnonymousClass(parent).javaResult.id.cast() - } else { - useClassInstance(parent, parentClassTypeArguments).typeResult.id - } + val parentId = useClassInstance(parent, parentClassTypeArguments).typeResult.id tw.writeEnclInReftype(innerId, parentId) if (innerClass != null && innerClass.isCompanion) { // If we are a companion then our parent has a @@ -643,11 +682,11 @@ open class KotlinFileExtractor( extractTypeAccessRecursive(substitutedType, location, id, -1) } val syntheticParameterNames = isUnderscoreParameter(vp) || ((vp.parent as? IrFunction)?.let { hasSynthesizedParameterNames(it) } ?: true) - return extractValueParameter(id, substitutedType, vp.name.asString(), location, parent, idx, useValueParameter(vp, parentSourceDeclaration), vp.isVararg, syntheticParameterNames) + return extractValueParameter(id, substitutedType, vp.name.asString(), location, parent, idx, useValueParameter(vp, parentSourceDeclaration), syntheticParameterNames, vp.isVararg, vp.isNoinline, vp.isCrossinline) } } - private fun extractValueParameter(id: Label, t: IrType, name: String, locId: Label, parent: Label, idx: Int, paramSourceDeclaration: Label, isVararg: Boolean, syntheticParameterNames: Boolean): TypeResults { + private fun extractValueParameter(id: Label, t: IrType, name: String, locId: Label, parent: Label, idx: Int, paramSourceDeclaration: Label, syntheticParameterNames: Boolean, isVararg: Boolean, isNoinline: Boolean, isCrossinline: Boolean): TypeResults { val type = useType(t) tw.writeParams(id, type.javaResult.id, idx, parent, paramSourceDeclaration) tw.writeParamsKotlinType(id, type.kotlinResult.id) @@ -658,6 +697,12 @@ open class KotlinFileExtractor( if (isVararg) { tw.writeIsVarargsParam(id) } + if (isNoinline) { + addModifiers(id, "noinline") + } + if (isCrossinline) { + addModifiers(id, "crossinline") + } return type } @@ -676,7 +721,7 @@ open class KotlinFileExtractor( "", listOf(), pluginContext.irBuiltIns.unitType, - extensionReceiverParameter = null, + extensionParamType = null, functionTypeParameters = listOf(), classTypeArgsIncludingOuterClasses = listOf(), overridesCollectionsMethod = false, @@ -693,11 +738,10 @@ open class KotlinFileExtractor( val locId = tw.getWholeFileLocation() tw.writeHasLocation(clinitId, locId) + addModifiers(clinitId, "static") + // add and return body block: - Pair(tw.getFreshIdLabel().also({ - tw.writeStmts_block(it, clinitId, 0, clinitId) - tw.writeHasLocation(it, locId) - }), clinitId) + Pair(extractBlockBody(clinitId, locId), clinitId) } } } @@ -762,32 +806,18 @@ open class KotlinFileExtractor( val expr = initializer.expression val declLocId = tw.getLocation(f) - val stmtId = tw.getFreshIdLabel() - tw.writeStmts_exprstmt(stmtId, blockAndFunctionId.first, idx++, blockAndFunctionId.second) - tw.writeHasLocation(stmtId, declLocId) - val assignmentId = tw.getFreshIdLabel() - val type = useType(if (isAnnotationClassField) kClassToJavaClass(expr.type) else expr.type) - tw.writeExprs_assignexpr(assignmentId, type.javaResult.id, stmtId, 0) - tw.writeExprsKotlinType(assignmentId, type.kotlinResult.id) - tw.writeHasLocation(assignmentId, declLocId) - tw.writeCallableEnclosingExpr(assignmentId, blockAndFunctionId.second) - tw.writeStatementEnclosingExpr(assignmentId, stmtId) - tw.writeKtInitializerAssignment(assignmentId) - - val lhsId = tw.getFreshIdLabel() - tw.writeExprs_varaccess(lhsId, lhsType.javaResult.id, assignmentId, 0) - tw.writeExprsKotlinType(lhsId, lhsType.kotlinResult.id) - tw.writeHasLocation(lhsId, declLocId) - tw.writeCallableEnclosingExpr(lhsId, blockAndFunctionId.second) - tw.writeStatementEnclosingExpr(lhsId, stmtId) - - tw.writeVariableBinding(lhsId, vId) - - if (static) { - extractStaticTypeAccessQualifier(f, lhsId, declLocId, blockAndFunctionId.second, stmtId) + extractExpressionStmt(declLocId, blockAndFunctionId.first, idx++, blockAndFunctionId.second).also { stmtId -> + val type = if (isAnnotationClassField) kClassToJavaClass(expr.type) else expr.type + extractAssignExpr(type, declLocId, stmtId, 0, blockAndFunctionId.second, stmtId).also { assignmentId -> + tw.writeKtInitializerAssignment(assignmentId) + extractVariableAccess(vId, lhsType, declLocId, assignmentId, 0, blockAndFunctionId.second, stmtId).also { lhsId -> + if (static) { + extractStaticTypeAccessQualifier(f, lhsId, declLocId, blockAndFunctionId.second, stmtId) + } + } + extractExpressionExpr(expr, blockAndFunctionId.second, assignmentId, 1, stmtId) + } } - - extractExpressionExpr(expr, blockAndFunctionId.second, assignmentId, 1, stmtId) } for (decl in declarations) { @@ -818,87 +848,310 @@ open class KotlinFileExtractor( private fun extractFunction(f: IrFunction, parentId: Label, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List?) = if (isFake(f)) null - else - forceExtractFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, null, null) + else { + forceExtractFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses).also { + // The defaults-forwarder function is a static utility, not a member, so we only need to extract this for the unspecialised instance of this class. + if (classTypeArgsIncludingOuterClasses.isNullOrEmpty()) + extractDefaultsFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses) + extractGeneratedOverloads(f, parentId, null, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses) + } + } - private fun forceExtractFunction(f: IrFunction, parentId: Label, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List?, idOverride: Label?, locOverride: Label?, extractOrigin: Boolean = true): Label { + private fun extractDefaultsFunction(f: IrFunction, parentId: Label, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean) { + if (f.valueParameters.none { it.defaultValue != null }) + return + + val id = getDefaultsMethodLabel(f) + val locId = getLocation(f, null) + val extReceiver = f.extensionReceiverParameter + val dispatchReceiver = if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter + val parameterTypes = listOfNotNull(extReceiver?.let { erase(it.type) }) + getDefaultsMethodArgTypes(f) + val allParamTypeResults = parameterTypes.mapIndexed { i, paramType -> + val paramId = tw.getLabelFor(getValueParameterLabel(id, i)) + extractValueParameter(paramId, paramType, "p$i", locId, id, i, paramId, isVararg = false, syntheticParameterNames = true, isCrossinline = false, isNoinline = false).also { + if (extractMethodAndParameterTypeAccesses) + extractTypeAccess(useType(paramType), locId, paramId, -1) + } + } + val paramsSignature = allParamTypeResults.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.javaResult, f) } + val shortName = getDefaultsMethodName(f) + + if (f.symbol is IrConstructorSymbol) { + val constrId = id.cast() + extractConstructor(constrId, shortName, paramsSignature, parentId, constrId) + } else { + val methodId = id.cast() + extractMethod(methodId, locId, shortName, erase(f.returnType), paramsSignature, parentId, methodId, origin = null, extractTypeAccess = extractMethodAndParameterTypeAccesses) + addModifiers(id, "static") + } + tw.writeHasLocation(id, locId) + if (f.visibility != DescriptorVisibilities.PRIVATE && f.visibility != DescriptorVisibilities.PRIVATE_TO_THIS) { + // Private methods have package-private (default) visibility $default methods; all other visibilities seem to produce a public $default method. + addModifiers(id, "public") + } + tw.writeCompiler_generated(id, CompilerGeneratedKinds.DEFAULT_ARGUMENTS_METHOD.kind) + + if (extractBody) { + val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.valueParameters + // This stack entry represents as if we're extracting the 'real' function `f`, giving the indices of its non-synthetic parameters + // such that when we extract the default expressions below, any reference to f's nth parameter will resolve to f$default's + // n + o'th parameter, where `o` is the parameter offset caused by adding any dispatch receiver to the parameter list. + // Note we don't need to add the extension receiver here because `useValueParameter` always assumes an extension receiver + // will be prepended if one exists. + // Note we have to get the real function ID here before entering this block, because otherwise we'll misrepresent the signature of a generic + // function without its type variables -- for example, trying to address `f(T, List)` as `f(Object, List)`. + val realFunctionId = useFunction(f) + DeclarationStackAdjuster(f, OverriddenFunctionAttributes(id, id, locId, nonSyntheticParams, typeParameters = listOf(), isStatic = true)).use { + val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2) + val intType = pluginContext.irBuiltIns.intType + val paramIdxOffset = listOf(dispatchReceiver, f.extensionReceiverParameter).count { it != null } + extractBlockBody(id, locId).also { blockId -> + var nextStmt = 0 + // For each parameter with a default, sub in the default value if the caller hasn't supplied a value: + f.valueParameters.forEachIndexed { paramIdx, param -> + val defaultVal = param.defaultValue + if (defaultVal != null) { + extractIfStmt(locId, blockId, nextStmt++, id).also { ifId -> + // if (realParams & thisParamBit == 0) ... + extractEqualsExpression(locId, ifId, 0, id, ifId).also { eqId -> + extractAndbitExpression(intType, locId, eqId, 0, id, ifId).also { opId -> + extractConstantInteger(1 shl paramIdx, locId, opId, 0, id, ifId) + extractVariableAccess(tw.getLabelFor(realParamsVarId), intType, locId, opId, 1, id, ifId) + } + extractConstantInteger(0, locId, eqId, 1, id, ifId) + } + // thisParamVar = defaultExpr... + extractExpressionStmt(locId, ifId, 1, id).also { exprStmtId -> + extractAssignExpr(param.type, locId, exprStmtId, 0, id, exprStmtId).also { assignId -> + extractVariableAccess(tw.getLabelFor(getValueParameterLabel(id, paramIdx + paramIdxOffset)), param.type, locId, assignId, 0, id, exprStmtId) + extractExpressionExpr(defaultVal.expression, id, assignId, 1, exprStmtId) + } + } + } + } + } + // Now call the real function: + if (f is IrConstructor) { + tw.getFreshIdLabel().also { thisCallId -> + tw.writeStmts_constructorinvocationstmt(thisCallId, blockId, nextStmt++, id) + tw.writeHasLocation(thisCallId, locId) + f.valueParameters.forEachIndexed { idx, param -> + extractVariableAccess(tw.getLabelFor(getValueParameterLabel(id, idx)), param.type, locId, thisCallId, idx, id, thisCallId) + } + tw.writeCallableBinding(thisCallId, realFunctionId) + } + } else { + tw.getFreshIdLabel().also { returnId -> + tw.writeStmts_returnstmt(returnId, blockId, nextStmt++, id) + tw.writeHasLocation(returnId, locId) + extractMethodAccessWithoutArgs(f.returnType, locId, id, returnId, 0, returnId, realFunctionId).also { thisCallId -> + val realFnIdxOffset = if (f.extensionReceiverParameter != null) 1 else 0 + val paramMappings = f.valueParameters.mapIndexed { idx, param -> Triple(param.type, idx + paramIdxOffset, idx + realFnIdxOffset) } + + listOfNotNull( + dispatchReceiver?.let { Triple(it.type, realFnIdxOffset, -1) }, + extReceiver?.let { Triple(it.type, 0, 0) } + ) + paramMappings.forEach { (type, fromIdx, toIdx) -> + extractVariableAccess(tw.getLabelFor(getValueParameterLabel(id, fromIdx)), type, locId, thisCallId, toIdx, id, returnId) + } + if (f.shouldExtractAsStatic) + extractStaticTypeAccessQualifier(f, thisCallId, locId, id, returnId) + else if (f.isLocalFunction()) { + extractNewExprForLocalFunction(getLocallyVisibleFunctionLabels(f), thisCallId, locId, id, returnId) + } + } + } + } + } + } + } + } + + private val jvmOverloadsFqName = FqName("kotlin.jvm.JvmOverloads") + + private fun extractGeneratedOverloads(f: IrFunction, parentId: Label, maybeSourceParentId: Label?, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List?) { + if (!f.hasAnnotation(jvmOverloadsFqName)) + return + + fun extractGeneratedOverload(paramList: List) { + val overloadParameters = paramList.filterIsInstance() + // Note `overloadParameters` have incorrect parents and indices, since there is no actual IrFunction describing the required synthetic overload. + // We have to use the `overriddenAttributes` element of `DeclarationStackAdjuster` to fix up references to these parameters while we're extracting + // these synthetic overloads. + val overloadId = tw.getLabelFor(getFunctionLabel(f, parentId, classTypeArgsIncludingOuterClasses, overloadParameters)) + val sourceParentId = + maybeSourceParentId ?: + if (typeSubstitution != null) + useDeclarationParent(f.parent, false) + else + parentId + val sourceDeclId = tw.getLabelFor(getFunctionLabel(f, sourceParentId, listOf(), overloadParameters)) + val overriddenAttributes = OverriddenFunctionAttributes(id = overloadId, sourceDeclarationId = sourceDeclId, valueParameters = overloadParameters) + forceExtractFunction(f, parentId, extractBody = false, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = overriddenAttributes) + tw.writeCompiler_generated(overloadId, CompilerGeneratedKinds.JVMOVERLOADS_METHOD.kind) + val realFunctionLocId = tw.getLocation(f) + if (extractBody) { + + DeclarationStackAdjuster(f, overriddenAttributes).use { + + fun extractNormalArgs(argParentId: Label, idxOffset: Int, enclosingStmtId: Label) { + paramList.forEachIndexed { idx, param -> + when(param) { + is IrValueParameter -> { + // Forward a parameter: + val syntheticParamId = useValueParameter(param, overloadId) + extractVariableAccess(syntheticParamId, param.type, realFunctionLocId, argParentId, idxOffset + idx, overloadId, enclosingStmtId) + } + is IrExpression -> { + // Supply a default argument: + extractExpressionExpr(param, overloadId, argParentId, idxOffset + idx, enclosingStmtId) + } + else -> { + logger.errorElement("Unexpected parameter list entry", param) + } + } + } + } + + // Create a synthetic function body that calls the real function supplying default arguments where required: + if (f is IrConstructor) { + val blockId = extractBlockBody(overloadId, realFunctionLocId) + val constructorCallId = tw.getFreshIdLabel() + tw.writeStmts_constructorinvocationstmt(constructorCallId, blockId, 0, overloadId) + tw.writeHasLocation(constructorCallId, realFunctionLocId) + tw.writeCallableBinding(constructorCallId, useFunction(f)) + + extractNormalArgs(constructorCallId, 0, constructorCallId) + } else { + extractExpressionBody(overloadId, realFunctionLocId).also { returnId -> + extractRawMethodAccess( + f, + realFunctionLocId, + f.returnType, + overloadId, + returnId, + 0, + returnId, + f.valueParameters.size, + { argParentId, idxOffset -> + extractNormalArgs(argParentId, idxOffset, returnId) + }, + f.dispatchReceiverParameter?.type, + f.dispatchReceiverParameter?.let { { callId -> + extractThisAccess(it.type, overloadId, callId, -1, returnId, realFunctionLocId) + } }, + f.extensionReceiverParameter?.let { { argParentId -> + val syntheticParamId = useValueParameter(it, overloadId) + extractVariableAccess(syntheticParamId, it.type, realFunctionLocId, argParentId, 0, overloadId, returnId) + } } + ) + } + } + } + } + } + + val paramList: MutableList = f.valueParameters.toMutableList() + for (n in (paramList.size - 1) downTo 0) { + (paramList[n] as? IrValueParameter)?.defaultValue?.expression?.let { + paramList[n] = it // Replace the last parameter that has a default with that default value. + extractGeneratedOverload(paramList) + } + } + } + + private fun extractConstructor(id: Label, shortName: String, paramsSignature: String, parentId: Label, sourceDeclaration: Label) { + val unitType = useType(pluginContext.irBuiltIns.unitType, TypeContext.RETURN) + tw.writeConstrs(id, shortName, "$shortName$paramsSignature", unitType.javaResult.id, parentId, sourceDeclaration) + tw.writeConstrsKotlinType(id, unitType.kotlinResult.id) + } + + private fun extractMethod(id: Label, locId: Label, shortName: String, returnType: IrType, paramsSignature: String, parentId: Label, sourceDeclaration: Label, origin: IrDeclarationOrigin?, extractTypeAccess: Boolean) { + val returnTypeResults = useType(returnType, TypeContext.RETURN) + tw.writeMethods(id, shortName, "$shortName$paramsSignature", returnTypeResults.javaResult.id, parentId, sourceDeclaration) + tw.writeMethodsKotlinType(id, returnTypeResults.kotlinResult.id) + when (origin) { + IrDeclarationOrigin.GENERATED_DATA_CLASS_MEMBER -> + tw.writeCompiler_generated(id, CompilerGeneratedKinds.GENERATED_DATA_CLASS_MEMBER.kind) + IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR -> + tw.writeCompiler_generated(id, CompilerGeneratedKinds.DEFAULT_PROPERTY_ACCESSOR.kind) + IrDeclarationOrigin.ENUM_CLASS_SPECIAL_MEMBER -> + tw.writeCompiler_generated(id, CompilerGeneratedKinds.ENUM_CLASS_SPECIAL_MEMBER.kind) + } + if (extractTypeAccess) { + extractTypeAccessRecursive(returnType, locId, id, -1) + } + } + + private fun signatureOrWarn(t: TypeResult<*>, associatedElement: IrElement?) = + t.signature ?: "".also { + if (associatedElement != null) + logger.warnElement("Needed a signature for a type that doesn't have one", associatedElement) + else + logger.warn("Needed a signature for a type that doesn't have one") + } + + private fun forceExtractFunction(f: IrFunction, parentId: Label, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List?, extractOrigin: Boolean = true, overriddenAttributes: OverriddenFunctionAttributes? = null): Label { with("function", f) { - DeclarationStackAdjuster(f).use { + DeclarationStackAdjuster(f, overriddenAttributes).use { val javaCallable = getJavaCallable(f) getFunctionTypeParameters(f).mapIndexed { idx, tp -> extractTypeParameter(tp, idx, (javaCallable as? JavaTypeParameterListOwner)?.typeParameters?.getOrNull(idx)) } val id = - idOverride + overriddenAttributes?.id ?: // If this is a class that would ordinarily be replaced by a Java equivalent (e.g. kotlin.Map -> java.util.Map), // don't replace here, really extract the Kotlin version: useFunction(f, parentId, classTypeArgsIncludingOuterClasses, noReplace = true) val sourceDeclaration = - if (typeSubstitution != null && idOverride == null) - useFunction(f) - else - id + overriddenAttributes?.sourceDeclarationId ?: + if (typeSubstitution != null && overriddenAttributes?.id == null) + useFunction(f) + else + id val extReceiver = f.extensionReceiverParameter val idxOffset = if (extReceiver != null) 1 else 0 - val paramTypes = f.valueParameters.mapIndexed { i, vp -> - extractValueParameter(vp, id, i + idxOffset, typeSubstitution, sourceDeclaration, classTypeArgsIncludingOuterClasses, extractTypeAccess = extractMethodAndParameterTypeAccesses, locOverride) + val fParameters = overriddenAttributes?.valueParameters ?: f.valueParameters + val paramTypes = fParameters.mapIndexed { i, vp -> + extractValueParameter(vp, id, i + idxOffset, typeSubstitution, sourceDeclaration, classTypeArgsIncludingOuterClasses, extractTypeAccess = extractMethodAndParameterTypeAccesses, overriddenAttributes?.sourceLoc) } val allParamTypes = if (extReceiver != null) { val extendedType = useType(extReceiver.type) tw.writeKtExtensionFunctions(id.cast(), extendedType.javaResult.id, extendedType.kotlinResult.id) - val t = extractValueParameter(extReceiver, id, 0, null, sourceDeclaration, classTypeArgsIncludingOuterClasses, extractTypeAccess = extractMethodAndParameterTypeAccesses, locOverride) + val t = extractValueParameter(extReceiver, id, 0, null, sourceDeclaration, classTypeArgsIncludingOuterClasses, extractTypeAccess = extractMethodAndParameterTypeAccesses, overriddenAttributes?.sourceLoc) listOf(t) + paramTypes } else { paramTypes } - val paramsSignature = allParamTypes.joinToString(separator = ",", prefix = "(", postfix = ")") { it.javaResult.signature } + val paramsSignature = allParamTypes.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.javaResult, f) } val adjustedReturnType = addJavaLoweringWildcards(getAdjustedReturnType(f), false, (javaCallable as? JavaMethod)?.returnType) val substReturnType = typeSubstitution?.let { it(adjustedReturnType, TypeContext.RETURN, pluginContext) } ?: adjustedReturnType - val locId = locOverride ?: getLocation(f, classTypeArgsIncludingOuterClasses) + val locId = overriddenAttributes?.sourceLoc ?: getLocation(f, classTypeArgsIncludingOuterClasses) if (f.symbol is IrConstructorSymbol) { - val unitType = useType(pluginContext.irBuiltIns.unitType, TypeContext.RETURN) val shortName = when { adjustedReturnType.isAnonymous -> "" typeSubstitution != null -> useType(substReturnType).javaResult.shortName else -> adjustedReturnType.classFqName?.shortName()?.asString() ?: f.name.asString() } - val constrId = id.cast() - tw.writeConstrs(constrId, shortName, "$shortName$paramsSignature", unitType.javaResult.id, parentId, sourceDeclaration.cast()) - tw.writeConstrsKotlinType(constrId, unitType.kotlinResult.id) + extractConstructor(id.cast(), shortName, paramsSignature, parentId, sourceDeclaration.cast()) } else { - val returnType = useType(substReturnType, TypeContext.RETURN) - val shortName = getFunctionShortName(f) + val shortNames = getFunctionShortName(f) val methodId = id.cast() - tw.writeMethods(methodId, shortName.nameInDB, "${shortName.nameInDB}$paramsSignature", returnType.javaResult.id, parentId, sourceDeclaration.cast()) - tw.writeMethodsKotlinType(methodId, returnType.kotlinResult.id) - if (extractOrigin) { - when (f.origin) { - IrDeclarationOrigin.GENERATED_DATA_CLASS_MEMBER -> - tw.writeCompiler_generated(methodId, CompilerGeneratedKinds.GENERATED_DATA_CLASS_MEMBER.kind) - IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR -> - tw.writeCompiler_generated(methodId, CompilerGeneratedKinds.DEFAULT_PROPERTY_ACCESSOR.kind) - IrDeclarationOrigin.ENUM_CLASS_SPECIAL_MEMBER -> - tw.writeCompiler_generated(methodId, CompilerGeneratedKinds.ENUM_CLASS_SPECIAL_MEMBER.kind) - } - } + extractMethod(methodId, locId, shortNames.nameInDB, substReturnType, paramsSignature, parentId, sourceDeclaration.cast(), if (extractOrigin) f.origin else null, extractMethodAndParameterTypeAccesses) - if (extractMethodAndParameterTypeAccesses) { - extractTypeAccessRecursive(substReturnType, locId, id, -1) - } - - if (shortName.nameInDB != shortName.kotlinName) { - tw.writeKtFunctionOriginalNames(methodId, shortName.kotlinName) + if (shortNames.nameInDB != shortNames.kotlinName) { + tw.writeKtFunctionOriginalNames(methodId, shortNames.kotlinName) } if (f.hasInterfaceParent() && f.body != null) { - addModifiers(id, "default") // The actual output class file may or may not have this modifier, depending on the -Xjvm-default setting. + addModifiers(methodId, "default") // The actual output class file may or may not have this modifier, depending on the -Xjvm-default setting. } } @@ -925,6 +1178,8 @@ open class KotlinFileExtractor( addModifiers(id, "suspend") } + linesOfCode?.linesOfCodeInDeclaration(f, id) + return id } } @@ -1028,6 +1283,10 @@ open class KotlinFileExtractor( } extractVisibility(p, id, p.visibility) + + if (p.isLateinit) { + addModifiers(id, "lateinit") + } } } } @@ -1045,7 +1304,7 @@ open class KotlinFileExtractor( } } - private fun extractEnumEntry(ee: IrEnumEntry, parentId: Label, extractTypeAccess: Boolean) { + private fun extractEnumEntry(ee: IrEnumEntry, parentId: Label, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) { with("enum entry", ee) { DeclarationStackAdjuster(ee).use { val id = useEnumEntry(ee) @@ -1054,8 +1313,9 @@ open class KotlinFileExtractor( tw.writeFieldsKotlinType(id, type.kotlinResult.id) val locId = tw.getLocation(ee) tw.writeHasLocation(id, locId) + tw.writeIsEnumConst(id) - if (extractTypeAccess) { + if (extractFunctionBodies) { val fieldDeclarationId = tw.getFreshIdLabel() tw.writeFielddecls(fieldDeclarationId, parentId) tw.writeFieldDeclaredIn(id, fieldDeclarationId, 0) @@ -1063,6 +1323,10 @@ open class KotlinFileExtractor( extractTypeAccess(type, locId, fieldDeclarationId, 0) } + + ee.correspondingClass?.let { + extractDeclaration(it, extractPrivateMembers, extractFunctionBodies) + } } } } @@ -1095,14 +1359,18 @@ open class KotlinFileExtractor( } } + private fun extractBlockBody(callable: Label, locId: Label) = + tw.getFreshIdLabel().also { + tw.writeStmts_block(it, callable, 0, callable) + tw.writeHasLocation(it, locId) + } + private fun extractBlockBody(b: IrBlockBody, callable: Label) { with("block body", b) { - val id = tw.getFreshIdLabel() - val locId = tw.getLocation(b) - tw.writeStmts_block(id, callable, 0, callable) - tw.writeHasLocation(id, locId) - for ((sIdx, stmt) in b.statements.withIndex()) { - extractStatement(stmt, callable, id, sIdx) + extractBlockBody(callable, tw.getLocation(b)).also { + for ((sIdx, stmt) in b.statements.withIndex()) { + extractStatement(stmt, callable, it, sIdx) + } } } } @@ -1125,11 +1393,8 @@ open class KotlinFileExtractor( } } - fun extractExpressionBody(callable: Label, locId: Label): Label { - val blockId = tw.getFreshIdLabel() - tw.writeStmts_block(blockId, callable, 0, callable) - tw.writeHasLocation(blockId, locId) - + fun extractExpressionBody(callable: Label, locId: Label): Label { + val blockId = extractBlockBody(callable, locId) return tw.getFreshIdLabel().also { returnId -> tw.writeStmts_returnstmt(returnId, blockId, 0, callable) tw.writeHasLocation(returnId, locId) @@ -1177,9 +1442,18 @@ open class KotlinFileExtractor( if (!v.isVar) { addModifiers(varId, "final") } + if (v.isLateinit) { + addModifiers(varId, "lateinit") + } } } + private fun extractIfStmt(locId: Label, parent: Label, idx: Int, callable: Label) = + tw.getFreshIdLabel().also { + tw.writeStmts_ifstmt(it, parent, idx, callable) + tw.writeHasLocation(it, locId) + } + private fun extractStatement(s: IrStatement, callable: Label, parent: Label, idx: Int) { with("statement", s) { when(s) { @@ -1407,9 +1681,213 @@ open class KotlinFileExtractor( extractTypeAccessRecursive(pluginContext.irBuiltIns.anyType, locId, idNewexpr, -3, enclosingCallable, enclosingStmt) } + private fun extractMethodAccessWithoutArgs( + returnType: IrType, + locId: Label, + enclosingCallable: Label, + callsiteParent: Label, + childIdx: Int, + enclosingStmt: Label, + methodLabel: Label? + ) = tw.getFreshIdLabel().also { id -> + val type = useType(returnType) + + tw.writeExprs_methodaccess(id, type.javaResult.id, callsiteParent, childIdx) + tw.writeExprsKotlinType(id, type.kotlinResult.id) + tw.writeHasLocation(id, locId) + tw.writeCallableEnclosingExpr(id, enclosingCallable) + tw.writeStatementEnclosingExpr(id, enclosingStmt) + + // The caller should have warned about this before, so we don't repeat the warning here. + if (methodLabel != null) + tw.writeCallableBinding(id, methodLabel) + } + + private val defaultConstructorMarkerClass by lazy { + val result = pluginContext.referenceClass(FqName("kotlin.jvm.internal.DefaultConstructorMarker"))?.owner + result?.let { extractExternalClassLater(it) } + result + } + + private val defaultConstructorMarkerType by lazy { + defaultConstructorMarkerClass?.typeWith() + } + + private fun getDefaultsMethodLastArgType(f: IrFunction) = + ( + if (f is IrConstructor) + defaultConstructorMarkerType + else + null + ) ?: pluginContext.irBuiltIns.anyType + + private fun getDefaultsMethodArgTypes(f: IrFunction) = + // The $default method has type ([extensionReceiver], [dispatchReceiver], paramTypes..., int, Object) + // All parameter types are erased. The trailing int is a mask indicating which parameter values are real + // and which should be replaced by defaults. The final Object parameter is apparently always null. + ( + listOfNotNull(if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter?.type) + + f.valueParameters.map { it.type } + + listOf(pluginContext.irBuiltIns.intType, getDefaultsMethodLastArgType(f)) + ).map { erase(it) } + + private fun getDefaultsMethodName(f: IrFunction) = + if (f is IrConstructor) { + f.returnType.let { + when { + it.isAnonymous -> "" + else -> it.classFqName?.shortName()?.asString() ?: f.name.asString() + } + } + } else { + getFunctionShortName(f).nameInDB + "\$default" + } + + private fun getDefaultsMethodLabel(f: IrFunction): Label { + val defaultsMethodName = getDefaultsMethodName(f) + val normalArgTypes = getDefaultsMethodArgTypes(f) + val extensionParamType = f.extensionReceiverParameter?.let { erase(it.type) } + + val defaultMethodLabelStr = getFunctionLabel( + f.parent, + maybeParentId = null, + defaultsMethodName, + normalArgTypes, + erase(f.returnType), + extensionParamType, + listOf(), + classTypeArgsIncludingOuterClasses = null, + overridesCollectionsMethod = false, + javaSignature = null, + addParameterWildcardsByDefault = false + ) + + return tw.getLabelFor(defaultMethodLabelStr) + } + + private fun extractsDefaultsCall( + syntacticCallTarget: IrFunction, + locId: Label, + resultType: IrType, + enclosingCallable: Label, + callsiteParent: Label, + childIdx: Int, + enclosingStmt: Label, + valueArguments: List, + dispatchReceiver: IrExpression?, + extensionReceiver: IrExpression? + ) { + val callTarget = syntacticCallTarget.target.realOverrideTarget + if (isExternalDeclaration(callTarget)) { + // Ensure the real target gets extracted, as we might not every directly touch it thanks to this call being redirected to a $default method. + useFunction(callTarget) + } + val defaultMethodLabel = getDefaultsMethodLabel(callTarget) + val id = extractMethodAccessWithoutArgs(resultType, locId, enclosingCallable, callsiteParent, childIdx, enclosingStmt, defaultMethodLabel) + + if (callTarget.isLocalFunction()) { + extractTypeAccess(getLocallyVisibleFunctionLabels(callTarget).type, locId, id, -1, enclosingCallable, enclosingStmt) + } else { + extractStaticTypeAccessQualifierUnchecked(callTarget.parent, id, locId, enclosingCallable, enclosingStmt) + } + + extractDefaultsCallArguments(id, callTarget, enclosingCallable, enclosingStmt, valueArguments, dispatchReceiver, extensionReceiver) + } + + private fun extractDefaultsCallArguments( + id: Label, + callTarget: IrFunction, + enclosingCallable: Label, + enclosingStmt: Label, + valueArguments: List, + dispatchReceiver: IrExpression?, + extensionReceiver: IrExpression? + ) { + var nextIdx = 0 + if (extensionReceiver != null) { + extractExpressionExpr(extensionReceiver, enclosingCallable, id, nextIdx++, enclosingStmt) + } + if (dispatchReceiver != null && !callTarget.shouldExtractAsStatic) { + extractExpressionExpr(dispatchReceiver, enclosingCallable, id, nextIdx++, enclosingStmt) + } + + val valueArgsWithDummies = valueArguments.zip(callTarget.valueParameters).map { + (expr, param) -> expr ?: IrConstImpl.defaultValueForType(0, 0, param.type) + } + + var realParamsMask = 0 + valueArguments.forEachIndexed { index, arg -> if (arg != null) realParamsMask = realParamsMask or (1 shl index) } + + val extraArgs = listOf( + IrConstImpl.int(0, 0, pluginContext.irBuiltIns.intType, realParamsMask), + IrConstImpl.defaultValueForType(0, 0, getDefaultsMethodLastArgType(callTarget)) + ) + + extractCallValueArguments(id, valueArgsWithDummies + extraArgs, enclosingStmt, enclosingCallable, nextIdx) + } + + private fun getFunctionInvokeMethod(typeArgs: List): IrFunction? { + // For `kotlin.FunctionX` and `kotlin.reflect.KFunctionX` interfaces, we're making sure that we + // extract the call to the `invoke` method that does exist, `kotlin.jvm.functions.FunctionX::invoke`. + val functionalInterface = getFunctionalInterfaceTypeWithTypeArgs(typeArgs) + if (functionalInterface == null) { + logger.warn("Cannot find functional interface type for raw method access") + return null + } + val functionalInterfaceClass = functionalInterface.classOrNull + if (functionalInterfaceClass == null) { + logger.warn("Cannot find functional interface class for raw method access") + return null + } + val interfaceType = functionalInterfaceClass.owner + val substituted = getJavaEquivalentClass(interfaceType) ?: interfaceType + val function = findFunction(substituted, OperatorNameConventions.INVOKE.asString()) + if (function == null) { + logger.warn("Cannot find invoke function for raw method access") + return null + } + return function + } + + private fun isFunctionInvoke(callTarget: IrFunction, drType: IrSimpleType) = + (drType.isFunctionOrKFunction() || drType.isSuspendFunctionOrKFunction()) && + callTarget.name.asString() == OperatorNameConventions.INVOKE.asString() + + private fun getCalleeMethodId(callTarget: IrFunction, drType: IrType?, allowInstantiatedGenericMethod: Boolean): Label? { + if (callTarget.isLocalFunction()) + return getLocallyVisibleFunctionLabels(callTarget).function + + if (allowInstantiatedGenericMethod && drType is IrSimpleType && !isUnspecialised(drType, logger)) { + val calleeIsInvoke = isFunctionInvoke(callTarget, drType) + + val extractionMethod = + if (calleeIsInvoke) + getFunctionInvokeMethod(drType.arguments) + else + callTarget + + return extractionMethod?.let { + val typeArgs = + if (calleeIsInvoke && drType.arguments.size > BuiltInFunctionArity.BIG_ARITY) { + // Big arity `invoke` methods have a special implementation on JVM, they are transformed to a call to + // `kotlin.jvm.functions.FunctionN::invoke(vararg args: Any?)`, so we only need to pass the type + // argument for the return type. Additionally, the arguments are extracted inside an array literal below. + listOf(drType.arguments.last()) + } else { + getDeclaringTypeArguments(callTarget, drType) + } + useFunction(extractionMethod, typeArgs) + } + } + else { + return useFunction(callTarget) + } + } + fun extractRawMethodAccess( syntacticCallTarget: IrFunction, - callsite: IrCall, + locElement: IrElement, + resultType: IrType, enclosingCallable: Label, callsiteParent: Label, childIdx: Int, @@ -1421,29 +1899,42 @@ open class KotlinFileExtractor( extractClassTypeArguments: Boolean = false, superQualifierSymbol: IrClassSymbol? = null) { - val locId = tw.getLocation(callsite) - - extractRawMethodAccess( - syntacticCallTarget, - locId, - callsite.type, - enclosingCallable, - callsiteParent, - childIdx, - enclosingStmt, - valueArguments.size, - { argParent, idxOffset -> extractCallValueArguments(argParent, valueArguments, enclosingStmt, enclosingCallable, idxOffset) }, - dispatchReceiver?.type, - dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } }, - extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } }, - typeArguments, - extractClassTypeArguments, - superQualifierSymbol - ) + val locId = tw.getLocation(locElement) + if (valueArguments.any { it == null }) { + extractsDefaultsCall( + syntacticCallTarget, + locId, + resultType, + enclosingCallable, + callsiteParent, + childIdx, + enclosingStmt, + valueArguments, + dispatchReceiver, + extensionReceiver + ) + } else { + extractRawMethodAccess( + syntacticCallTarget, + locId, + resultType, + enclosingCallable, + callsiteParent, + childIdx, + enclosingStmt, + valueArguments.size, + { argParent, idxOffset -> extractCallValueArguments(argParent, valueArguments, enclosingStmt, enclosingCallable, idxOffset) }, + dispatchReceiver?.type, + dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } }, + extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } }, + typeArguments, + extractClassTypeArguments, + superQualifierSymbol + ) + } } - fun extractRawMethodAccess( syntacticCallTarget: IrFunction, locId: Label, @@ -1462,98 +1953,32 @@ open class KotlinFileExtractor( superQualifierSymbol: IrClassSymbol? = null) { val callTarget = syntacticCallTarget.target.realOverrideTarget - val id = tw.getFreshIdLabel() - val type = useType(returnType) + val methodId = getCalleeMethodId(callTarget, drType, extractClassTypeArguments) + if (methodId == null) { + logger.warn("No method to bind call to for raw method access") + } - tw.writeExprs_methodaccess(id, type.javaResult.id, callsiteParent, childIdx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - tw.writeHasLocation(id, locId) - tw.writeCallableEnclosingExpr(id, enclosingCallable) - tw.writeStatementEnclosingExpr(id, enclosingStmt) + val id = extractMethodAccessWithoutArgs(returnType, locId, enclosingCallable, callsiteParent, childIdx, enclosingStmt, methodId) // type arguments at index -2, -3, ... extractTypeArguments(typeArguments, locId, id, enclosingCallable, enclosingStmt, -2, true) - val (isFunctionInvoke, isBigArityFunctionInvoke) = - if (drType is IrSimpleType && - (drType.isFunctionOrKFunction() || drType.isSuspendFunctionOrKFunction()) && - callTarget.name.asString() == OperatorNameConventions.INVOKE.asString()) { - Pair(true, drType.arguments.size > BuiltInFunctionArity.BIG_ARITY) - } else { - Pair(false, false) - } - if (callTarget.isLocalFunction()) { - val ids = getLocallyVisibleFunctionLabels(callTarget) - - val methodId = ids.function - tw.writeCallableBinding(id, methodId) - - extractNewExprForLocalFunction(ids, id, locId, enclosingCallable, enclosingStmt) - } else { - val methodId = - if (extractClassTypeArguments && drType is IrSimpleType && !isUnspecialised(drType, logger)) { - - val extractionMethod = if (isFunctionInvoke) { - // For `kotlin.FunctionX` and `kotlin.reflect.KFunctionX` interfaces, we're making sure that we - // extract the call to the `invoke` method that does exist, `kotlin.jvm.functions.FunctionX::invoke`. - val functionalInterface = getFunctionalInterfaceTypeWithTypeArgs(drType.arguments) - if (functionalInterface == null) { - logger.warn("Cannot find functional interface type for raw method access") - null - } else { - val functionalInterfaceClass = functionalInterface.classOrNull - if (functionalInterfaceClass == null) { - logger.warn("Cannot find functional interface class for raw method access") - null - } else { - val interfaceType = functionalInterfaceClass.owner - val substituted = getJavaEquivalentClass(interfaceType) ?: interfaceType - val function = findFunction(substituted, OperatorNameConventions.INVOKE.asString()) - if (function == null) { - logger.warn("Cannot find invoke function for raw method access") - null - } else { - function - } - } - } - } else { - callTarget - } - - if (extractionMethod == null) { - null - } else if (isBigArityFunctionInvoke) { - // Big arity `invoke` methods have a special implementation on JVM, they are transformed to a call to - // `kotlin.jvm.functions.FunctionN::invoke(vararg args: Any?)`, so we only need to pass the type - // argument for the return type. Additionally, the arguments are extracted inside an array literal below. - useFunction(extractionMethod, listOf(drType.arguments.last())) - } else { - useFunction(extractionMethod, getDeclaringTypeArguments(callTarget, drType)) - } - } - else { - useFunction(callTarget) - } - - if (methodId == null) { - logger.warn("No method to bind call to for raw method access") - } else { - tw.writeCallableBinding(id, methodId) - } - - if (callTarget.shouldExtractAsStatic) { - extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt) - } else if (superQualifierSymbol != null) { - extractSuperAccess(superQualifierSymbol.typeWith(), enclosingCallable, id, -1, enclosingStmt, locId) - } else if (extractDispatchReceiver != null) { - extractDispatchReceiver(id) - } + extractNewExprForLocalFunction(getLocallyVisibleFunctionLabels(callTarget), id, locId, enclosingCallable, enclosingStmt) + } else if (callTarget.shouldExtractAsStatic) { + extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt) + } else if (superQualifierSymbol != null) { + extractSuperAccess(superQualifierSymbol.typeWith(), enclosingCallable, id, -1, enclosingStmt, locId) + } else if (extractDispatchReceiver != null) { + extractDispatchReceiver(id) } val idxOffset = if (extractExtensionReceiver != null) 1 else 0 + val isBigArityFunctionInvoke = drType is IrSimpleType && + isFunctionInvoke(callTarget, drType) && + drType.arguments.size > BuiltInFunctionArity.BIG_ARITY + val argParent = if (isBigArityFunctionInvoke) { extractArrayCreationWithInitializer(id, nValueArguments + idxOffset, locId, enclosingCallable, enclosingStmt) } else { @@ -1567,16 +1992,19 @@ open class KotlinFileExtractor( extractValueArguments(argParent, idxOffset) } + private fun extractStaticTypeAccessQualifierUnchecked(parent: IrDeclarationParent, parentExpr: Label, locId: Label, enclosingCallable: Label, enclosingStmt: Label) { + if (parent is IrClass) { + extractTypeAccessRecursive(parent.toRawType(), locId, parentExpr, -1, enclosingCallable, enclosingStmt) + } else if (parent is IrFile) { + extractTypeAccess(useFileClassType(parent), locId, parentExpr, -1, enclosingCallable, enclosingStmt) + } else { + logger.warnElement("Unexpected static type access qualifier ${parent.javaClass}", parent) + } + } + private fun extractStaticTypeAccessQualifier(target: IrDeclaration, parentExpr: Label, locId: Label, enclosingCallable: Label, enclosingStmt: Label) { if (target.shouldExtractAsStatic) { - val parent = target.parent - if (parent is IrClass) { - extractTypeAccessRecursive(parent.toRawType(), locId, parentExpr, -1, enclosingCallable, enclosingStmt) - } else if (parent is IrFile) { - extractTypeAccess(useFileClassType(parent), locId, parentExpr, -1, enclosingCallable, enclosingStmt) - } else { - logger.warnElement("Unexpected static type access qualifer ${parent.javaClass}", target) - } + extractStaticTypeAccessQualifierUnchecked(target.parent, parentExpr, locId, enclosingCallable, enclosingStmt) } } @@ -1765,6 +2193,8 @@ open class KotlinFileExtractor( isFunction(target, "kotlin", "Double", fName) } + private fun isNumericFunction(target: IrFunction, fNames: List) = fNames.any { isNumericFunction(target, it) } + private fun isArrayType(typeName: String) = when(typeName) { "Array" -> true @@ -1819,7 +2249,7 @@ open class KotlinFileExtractor( return } - extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol) + extractRawMethodAccess(syntacticCallTarget, c, c.type, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol) } fun extractSpecialEnumFunction(fnName: String){ @@ -1885,6 +2315,22 @@ open class KotlinFileExtractor( } } + fun unaryopReceiver(id: Label, receiver: IrExpression?, receiverDescription: String) { + val locId = tw.getLocation(c) + tw.writeHasLocation(id, locId) + tw.writeCallableEnclosingExpr(id, callable) + tw.writeStatementEnclosingExpr(id, enclosingStmt) + + if(receiver == null) { + logger.errorElement("$receiverDescription not found", c) + } else { + extractExpressionExpr(receiver, callable, id, 0, enclosingStmt) + } + if(c.valueArgumentsCount > 0) { + logger.errorElement("Extra arguments found", c) + } + } + /** * Populate the lhs of a binary op from this call's dispatch receiver, and the rhs from its sole argument. */ @@ -1892,57 +2338,87 @@ open class KotlinFileExtractor( binopReceiver(id, c.dispatchReceiver, "Dispatch receiver") } - /** - * Populate the lhs of a binary op from this call's extension receiver, and the rhs from its sole argument. - */ - fun binopExtensionMethod(id: Label) { - binopReceiver(id, c.extensionReceiver, "Extension receiver") + fun unaryopDisp(id: Label) { + unaryopReceiver(id, c.dispatchReceiver, "Dispatch receiver") } val dr = c.dispatchReceiver when { - c.origin == IrStatementOrigin.PLUS && - (isNumericFunction(target, "plus") - || isFunction(target, "kotlin", "String", "plus", null)) -> { + isFunction(target, "kotlin", "String", "plus", false) -> { val id = tw.getFreshIdLabel() val type = useType(c.type) tw.writeExprs_addexpr(id, type.javaResult.id, parent, idx) tw.writeExprsKotlinType(id, type.kotlinResult.id) - if (c.extensionReceiver != null) - binopExtensionMethod(id) - else - binopDisp(id) + binopDisp(id) } isFunction(target, "kotlin", "String", "plus", true) -> { findJdkIntrinsicOrWarn("stringPlus", c)?.let { stringPlusFn -> - extractRawMethodAccess(stringPlusFn, c, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver, c.getValueArgument(0)), null, null) + extractRawMethodAccess(stringPlusFn, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver, c.getValueArgument(0)), null, null) } } - c.origin == IrStatementOrigin.MINUS && isNumericFunction(target, "minus") -> { - val id = tw.getFreshIdLabel() + isNumericFunction(target, listOf("plus", "minus", "times", "div", "rem", "and", "or", "xor", "shl", "shr", "ushr")) -> { val type = useType(c.type) - tw.writeExprs_subexpr(id, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - binopDisp(id) - } - c.origin == IrStatementOrigin.MUL && isNumericFunction(target, "times") -> { - val id = tw.getFreshIdLabel() - val type = useType(c.type) - tw.writeExprs_mulexpr(id, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - binopDisp(id) - } - c.origin == IrStatementOrigin.DIV && isNumericFunction(target, "div") -> { - val id = tw.getFreshIdLabel() - val type = useType(c.type) - tw.writeExprs_divexpr(id, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - binopDisp(id) - } - c.origin == IrStatementOrigin.PERC && isNumericFunction(target, "rem") -> { - val id = tw.getFreshIdLabel() - val type = useType(c.type) - tw.writeExprs_remexpr(id, type.javaResult.id, parent, idx) + val id: Label = when (val targetName = target.name.asString()) { + "plus" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_addexpr(id, type.javaResult.id, parent, idx) + id + } + "minus" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_subexpr(id, type.javaResult.id, parent, idx) + id + } + "times" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_mulexpr(id, type.javaResult.id, parent, idx) + id + } + "div" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_divexpr(id, type.javaResult.id, parent, idx) + id + } + "rem" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_remexpr(id, type.javaResult.id, parent, idx) + id + } + "and" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_andbitexpr(id, type.javaResult.id, parent, idx) + id + } + "or" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_orbitexpr(id, type.javaResult.id, parent, idx) + id + } + "xor" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_xorbitexpr(id, type.javaResult.id, parent, idx) + id + } + "shl" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_lshiftexpr(id, type.javaResult.id, parent, idx) + id + } + "shr" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_rshiftexpr(id, type.javaResult.id, parent, idx) + id + } + "ushr" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_urshiftexpr(id, type.javaResult.id, parent, idx) + id + } + else -> { + logger.errorElement("Unhandled binary target name: $targetName", c) + return + } + } tw.writeExprsKotlinType(id, type.kotlinResult.id) binopDisp(id) } @@ -1968,6 +2444,42 @@ open class KotlinFileExtractor( tw.writeExprsKotlinType(id, type.kotlinResult.id) binOp(id, dr, callable, enclosingStmt) } + isFunction(target, "kotlin", "Boolean", "not") -> { + val id = tw.getFreshIdLabel() + val type = useType(c.type) + tw.writeExprs_lognotexpr(id, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(id, type.kotlinResult.id) + unaryopDisp(id) + } + isNumericFunction(target, listOf("inv", "unaryMinus", "unaryPlus")) -> { + val type = useType(c.type) + val id: Label = when (val targetName = target.name.asString()) { + "inv" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_bitnotexpr(id, type.javaResult.id, parent, idx) + id + } + "unaryMinus" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_minusexpr(id, type.javaResult.id, parent, idx) + id + } + "unaryPlus" -> { + val id = tw.getFreshIdLabel() + tw.writeExprs_plusexpr(id, type.javaResult.id, parent, idx) + id + } + else -> { + logger.errorElement("Unhandled unary target name: $targetName", c) + return + } + } + tw.writeExprsKotlinType(id, type.kotlinResult.id) + if (isFunction(target, "kotlin", "Byte or Short", { it == "Byte" || it == "Short" }, "inv")) + unaryopReceiver(id, c.extensionReceiver, "Extension receiver") + else + unaryopDisp(id) + } // We need to handle all the builtin operators defines in BuiltInOperatorNames in // compiler/ir/ir.tree/src/org/jetbrains/kotlin/ir/IrBuiltIns.kt // as they can't be extracted as external dependencies. @@ -2086,7 +2598,7 @@ open class KotlinFileExtractor( } isFunction(target, "kotlin", "Any", "toString", true) -> { stringValueOfObjectMethod?.let { - extractRawMethodAccess(it, c, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver), null, null) + extractRawMethodAccess(it, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver), null, null) } } isBuiltinCallKotlin(c, "enumValues") -> { @@ -2136,6 +2648,24 @@ open class KotlinFileExtractor( || isBuiltinCallKotlin(c, "byteArrayOf") || isBuiltinCallKotlin(c, "booleanArrayOf") -> { + + val isPrimitiveArrayCreation = !isBuiltinCallKotlin(c, "arrayOf") + val elementType = if (isPrimitiveArrayCreation) { + c.type.getArrayElementType(pluginContext.irBuiltIns) + } else { + // TODO: is there any reason not to always use getArrayElementType? + if (c.typeArgumentsCount == 1) { + c.getTypeArgument(0).also { + if (it == null) { + logger.errorElement("Type argument missing in an arrayOf call", c) + } + } + } else { + logger.errorElement("Expected to find one type argument in arrayOf call", c) + null + } + } + val arg = if (c.valueArgumentsCount == 1) c.getValueArgument(0) else { logger.errorElement("Expected to find only one (vararg) argument in ${c.symbol.owner.name.asString()} call", c) null @@ -2146,67 +2676,7 @@ open class KotlinFileExtractor( } } - // If this is [someType]ArrayOf(*x), x, otherwise null - val clonedArray = arg?.let { - if (arg.elements.size == 1) { - val onlyElement = arg.elements[0] - if (onlyElement is IrSpreadElement) - onlyElement.expression - else null - } else null - } - - if (clonedArray != null) { - // This is an array clone: extract is as a call to java.lang.Object.clone - objectCloneMethod?.let { - extractRawMethodAccess(it, c, callable, parent, idx, enclosingStmt, listOf(), clonedArray, null) - } - } else { - // This is array creation: extract it as a call to new ArrayType[] { ... } - val id = tw.getFreshIdLabel() - val type = useType(c.type) - tw.writeExprs_arraycreationexpr(id, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - val locId = tw.getLocation(c) - tw.writeHasLocation(id, locId) - tw.writeCallableEnclosingExpr(id, callable) - - if (isBuiltinCallKotlin(c, "arrayOf")) { - if (c.typeArgumentsCount == 1) { - val typeArgument = c.getTypeArgument(0) - if (typeArgument == null) { - logger.errorElement("Type argument missing in an arrayOf call", c) - } else { - extractTypeAccessRecursive(typeArgument, locId, id, -1, callable, enclosingStmt, TypeContext.GENERIC_ARGUMENT) - } - } else { - logger.errorElement("Expected to find one type argument in arrayOf call", c ) - } - } else { - val elementType = c.type.getArrayElementType(pluginContext.irBuiltIns) - extractTypeAccessRecursive(elementType, locId, id, -1, callable, enclosingStmt) - } - - arg?.let { - val initId = tw.getFreshIdLabel() - tw.writeExprs_arrayinit(initId, type.javaResult.id, id, -2) - tw.writeExprsKotlinType(initId, type.kotlinResult.id) - tw.writeHasLocation(initId, locId) - tw.writeCallableEnclosingExpr(initId, callable) - tw.writeStatementEnclosingExpr(initId, enclosingStmt) - it.elements.forEachIndexed { i, arg -> extractVarargElement(arg, callable, initId, i, enclosingStmt) } - - val dim = it.elements.size - val dimId = tw.getFreshIdLabel() - val dimType = useType(pluginContext.irBuiltIns.intType) - tw.writeExprs_integerliteral(dimId, dimType.javaResult.id, id, 0) - tw.writeExprsKotlinType(dimId, dimType.kotlinResult.id) - tw.writeHasLocation(dimId, locId) - tw.writeCallableEnclosingExpr(dimId, callable) - tw.writeStatementEnclosingExpr(dimId, enclosingStmt) - tw.writeNamestrings(dim.toString(), dim.toString(), dimId) - } - } + extractArrayCreation(arg, c.type, elementType, isPrimitiveArrayCreation, c, parent, idx, callable, enclosingStmt) } isBuiltinCall(c, "", "kotlin.jvm") -> { // Special case for KClass<*>.java, which is used in the Parcelize plugin. In normal cases, this is already rewritten to the property referenced below: @@ -2226,7 +2696,7 @@ open class KotlinFileExtractor( val argType = (ext.type as? IrSimpleType)?.arguments?.firstOrNull()?.typeOrNull val typeArguments = if (argType == null) listOf() else listOf(argType) - extractRawMethodAccess(getter, c, callable, parent, idx, enclosingStmt, listOf(), null, ext, typeArguments) + extractRawMethodAccess(getter, c, c.type, callable, parent, idx, enclosingStmt, listOf(), null, ext, typeArguments) } } isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") -> { @@ -2257,7 +2727,7 @@ open class KotlinFileExtractor( else -> pluginContext.irBuiltIns.anyNType } } - extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs) + extractRawMethodAccess(iteratorFn, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs) } } } @@ -2276,27 +2746,21 @@ open class KotlinFileExtractor( if (array != null && arrayIdx != null && assignedValue != null) { - val assignId = tw.getFreshIdLabel() - val type = useType(c.type) val locId = tw.getLocation(c) - tw.writeExprs_assignexpr(assignId, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(assignId, type.kotlinResult.id) - tw.writeHasLocation(assignId, locId) - tw.writeCallableEnclosingExpr(assignId, callable) - tw.writeStatementEnclosingExpr(assignId, enclosingStmt) + extractAssignExpr(c.type, locId, parent, idx, callable, enclosingStmt).also { assignId -> + tw.getFreshIdLabel().also { arrayAccessId -> + val arrayType = useType(array.type) + tw.writeExprs_arrayaccess(arrayAccessId, arrayType.javaResult.id, assignId, 0) + tw.writeExprsKotlinType(arrayAccessId, arrayType.kotlinResult.id) + tw.writeHasLocation(arrayAccessId, locId) + tw.writeCallableEnclosingExpr(arrayAccessId, callable) + tw.writeStatementEnclosingExpr(arrayAccessId, enclosingStmt) - val arrayAccessId = tw.getFreshIdLabel() - val arrayType = useType(array.type) - tw.writeExprs_arrayaccess(arrayAccessId, arrayType.javaResult.id, assignId, 0) - tw.writeExprsKotlinType(arrayAccessId, arrayType.kotlinResult.id) - tw.writeHasLocation(arrayAccessId, locId) - tw.writeCallableEnclosingExpr(arrayAccessId, callable) - tw.writeStatementEnclosingExpr(arrayAccessId, enclosingStmt) - - extractExpressionExpr(array, callable, arrayAccessId, 0, enclosingStmt) - extractExpressionExpr(arrayIdx, callable, arrayAccessId, 1, enclosingStmt) - - extractExpressionExpr(assignedValue, callable, assignId, 1, enclosingStmt) + extractExpressionExpr(array, callable, arrayAccessId, 0, enclosingStmt) + extractExpressionExpr(arrayIdx, callable, arrayAccessId, 1, enclosingStmt) + } + extractExpressionExpr(assignedValue, callable, assignId, 1, enclosingStmt) + } } else { logger.errorElement("Unexpected Array.set function signature", c) @@ -2352,6 +2816,7 @@ open class KotlinFileExtractor( extractRawMethodAccess( realCallee, c, + c.type, callable, parent, idx, @@ -2379,6 +2844,7 @@ open class KotlinFileExtractor( extractRawMethodAccess( realCallee, c, + c.type, callable, parent, idx, @@ -2396,6 +2862,51 @@ open class KotlinFileExtractor( } } + private fun extractArrayCreation(elementList: IrVararg?, resultType: IrType, elementType: IrType?, allowPrimitiveElementType: Boolean, locElement: IrElement, parent: Label, idx: Int, enclosingCallable: Label, enclosingStmt: Label) { + // If this is [someType]ArrayOf(*x), x, otherwise null + val clonedArray = elementList?.let { + if (it.elements.size == 1) { + val onlyElement = it.elements[0] + if (onlyElement is IrSpreadElement) + onlyElement.expression + else null + } else null + } + + if (clonedArray != null) { + // This is an array clone: extract is as a call to java.lang.Object.clone + objectCloneMethod?.let { + extractRawMethodAccess(it, locElement, resultType, enclosingCallable, parent, idx, enclosingStmt, listOf(), clonedArray, null) + } + } else { + // This is array creation: extract it as a call to new ArrayType[] { ... } + val id = tw.getFreshIdLabel() + val type = useType(resultType) + tw.writeExprs_arraycreationexpr(id, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(id, type.kotlinResult.id) + val locId = tw.getLocation(locElement) + tw.writeHasLocation(id, locId) + tw.writeCallableEnclosingExpr(id, enclosingCallable) + + if (elementType != null) { + val typeContext = if (allowPrimitiveElementType) TypeContext.OTHER else TypeContext.GENERIC_ARGUMENT + extractTypeAccessRecursive(elementType, locId, id, -1, enclosingCallable, enclosingStmt, typeContext) + } + + if (elementList != null) { + val initId = tw.getFreshIdLabel() + tw.writeExprs_arrayinit(initId, type.javaResult.id, id, -2) + tw.writeExprsKotlinType(initId, type.kotlinResult.id) + tw.writeHasLocation(initId, locId) + tw.writeCallableEnclosingExpr(initId, enclosingCallable) + tw.writeStatementEnclosingExpr(initId, enclosingStmt) + elementList.elements.forEachIndexed { i, arg -> extractVarargElement(arg, enclosingCallable, initId, i, enclosingStmt) } + + extractConstantInteger(elementList.elements.size, locId, id, 0, enclosingCallable, enclosingStmt) + } + } + } + private fun extractNewExpr( methodId: Label, constructedType: TypeResults, @@ -2454,29 +2965,27 @@ open class KotlinFileExtractor( logger.errorElement("Constructor call has non-simple type ${eType.javaClass}", e) return } + val type = useType(eType) val isAnonymous = eType.isAnonymous - val type: TypeResults = if (isAnonymous) { - if (e.typeArgumentsCount > 0) { - logger.warnElement("Unexpected type arguments (${e.typeArgumentsCount}) for anonymous class constructor call", e) - } - val c = eType.classifier.owner - if (c !is IrClass) { - logger.errorElement("Anonymous constructor call type not a class (${c.javaClass})", e) - return - } - useAnonymousClass(c) - } else { - useType(eType) - } val locId = tw.getLocation(e) - val id = extractNewExpr(e.symbol.owner, eType.arguments, type, locId, parent, idx, callable, enclosingStmt) + val valueArgs = (0 until e.valueArgumentsCount).map { e.getValueArgument(it) } + // For now, don't try to use default methods for enum constructor calls, + // which have null arguments even though the parameters don't give default values. + val anyDefaultArgs = e !is IrEnumConstructorCall && valueArgs.any { it == null } + val id = if (anyDefaultArgs) { + extractNewExpr(getDefaultsMethodLabel(e.symbol.owner).cast(), type, locId, parent, idx, callable, enclosingStmt).also { + extractDefaultsCallArguments(it, e.symbol.owner, callable, enclosingStmt, valueArgs, null, null) + } + } else { + extractNewExpr(e.symbol.owner, eType.arguments, type, locId, parent, idx, callable, enclosingStmt).also { + extractCallValueArguments(it, e, enclosingStmt, callable, 0) + } + } if (isAnonymous) { - tw.writeIsAnonymClass(type.javaResult.id.cast(), id) + tw.writeIsAnonymClass(type.javaResult.id.cast(), id) } - extractCallValueArguments(id, e, enclosingStmt, callable, 0) - val dr = e.dispatchReceiver if (dr != null) { extractExpressionExpr(dr, callable, id, -2, enclosingStmt) @@ -2524,16 +3033,12 @@ open class KotlinFileExtractor( } inner class StmtParent(val parent: Label, val idx: Int): StmtExprParent() { - override fun stmt(e: IrExpression, callable: Label): StmtParent { - return this - } - override fun expr(e: IrExpression, callable: Label): ExprParent { - val id = tw.getFreshIdLabel() - val locId = tw.getLocation(e) - tw.writeStmts_exprstmt(id, parent, idx, callable) - tw.writeHasLocation(id, locId) - return ExprParent(id, 0, id) - } + override fun stmt(e: IrExpression, callable: Label) = this + + override fun expr(e: IrExpression, callable: Label) = + extractExpressionStmt(tw.getLocation(e), parent, idx, callable).let { id -> + ExprParent(id, 0, id) + } } inner class ExprParent(val parent: Label, val idx: Int, val enclosingStmt: Label): StmtExprParent() { override fun stmt(e: IrExpression, callable: Label): StmtParent { @@ -2675,6 +3180,12 @@ open class KotlinFileExtractor( return false } + private fun extractExpressionStmt(locId: Label, parent: Label, idx: Int, callable: Label) = + tw.getFreshIdLabel().also { + tw.writeStmts_exprstmt(it, parent, idx, callable) + tw.writeHasLocation(it, locId) + } + private fun extractExpressionStmt(e: IrExpression, callable: Label, parent: Label, idx: Int) { extractExpression(e, callable, StmtParent(parent, idx)) } @@ -2683,13 +3194,52 @@ open class KotlinFileExtractor( extractExpression(e, callable, ExprParent(parent, idx, enclosingStmt)) } + private fun extractExprContext(id: Label, locId: Label, callable: Label, enclosingStmt: Label) { + tw.writeHasLocation(id, locId) + tw.writeCallableEnclosingExpr(id, callable) + tw.writeStatementEnclosingExpr(id, enclosingStmt) + } + + private fun extractEqualsExpression(locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + tw.getFreshIdLabel().also { + val type = useType(pluginContext.irBuiltIns.booleanType) + tw.writeExprs_eqexpr(it, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(it, type.kotlinResult.id) + extractExprContext(it, locId, callable, enclosingStmt) + } + + private fun extractAndbitExpression(type: IrType, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + tw.getFreshIdLabel().also { + val typeResults = useType(type) + tw.writeExprs_andbitexpr(it, typeResults.javaResult.id, parent, idx) + tw.writeExprsKotlinType(it, typeResults.kotlinResult.id) + extractExprContext(it, locId, callable, enclosingStmt) + } + + private fun extractConstantInteger(v: Int, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + tw.getFreshIdLabel().also { + val type = useType(pluginContext.irBuiltIns.intType) + tw.writeExprs_integerliteral(it, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(it, type.kotlinResult.id) + tw.writeNamestrings(v.toString(), v.toString(), it) + extractExprContext(it, locId, callable, enclosingStmt) + } + + private fun extractAssignExpr(type: IrType, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + tw.getFreshIdLabel().also { + val typeResults = useType(type) + tw.writeExprs_assignexpr(it, typeResults.javaResult.id, parent, idx) + tw.writeExprsKotlinType(it, typeResults.kotlinResult.id) + extractExprContext(it, locId, callable, enclosingStmt) + } + private fun extractExpression(e: IrExpression, callable: Label, parent: StmtExprParent) { with("expression", e) { when(e) { is IrDelegatingConstructorCall -> { val stmtParent = parent.stmt(e, callable) - val irCallable = declarationStack.peek() + val irCallable = declarationStack.peek().first val delegatingClass = e.symbol.owner.parent val currentClass = irCallable.parent @@ -2791,7 +3341,7 @@ open class KotlinFileExtractor( extractLoop(e, parent, callable) } is IrInstanceInitializerCall -> { - val irConstructor = declarationStack.peek() as? IrConstructor + val irConstructor = declarationStack.peek().first as? IrConstructor if (irConstructor == null) { logger.errorElement("IrInstanceInitializerCall outside constructor", e) return @@ -2933,7 +3483,7 @@ open class KotlinFileExtractor( val exprParent = parent.expr(e, callable) val owner = e.symbol.owner if (owner is IrValueParameter && owner.index == -1 && !owner.isExtensionReceiver()) { - extractThisAccess(e, exprParent, callable) + extractThisAccess(e, owner.parent, exprParent, callable) } else { val isAnnotationClassParameter = ((owner as? IrValueParameter)?.parent as? IrConstructor)?.parentClassOrNull?.kind == ClassKind.ANNOTATION_CLASS val extractType = if (isAnnotationClassParameter) kClassToJavaClass(e.type) else e.type @@ -3128,14 +3678,12 @@ open class KotlinFileExtractor( extractTypeOperatorCall(e, callable, exprParent.parent, exprParent.idx, exprParent.enclosingStmt) } is IrVararg -> { - var spread = e.elements.getOrNull(0) as? IrSpreadElement - if (spread == null || e.elements.size != 1) { - logger.errorElement("Unexpected IrVararg", e) - return - } // There are lowered IR cases when the vararg expression is not within a call, such as - // val temp0 = [*expr] - extractExpression(spread.expression, callable, parent) + // val temp0 = [*expr]. + // This AST element can also occur as a collection literal in an annotation class, such as + // annotation class Ann(val strings: Array = []) + val exprParent = parent.expr(e, callable) + extractArrayCreation(e, e.type, e.varargElementType, true, e, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt) } is IrGetObjectValue -> { // For `object MyObject { ... }`, the .class has an @@ -3275,10 +3823,21 @@ open class KotlinFileExtractor( extractTypeAccessRecursive(irType, locId, it, 0) } - private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label) { - val containingDeclaration = declarationStack.peek() + private fun extractThisAccess(type: TypeResults, callable: Label, parent: Label, idx: Int, enclosingStmt: Label, locId: Label) = + tw.getFreshIdLabel().also { + tw.writeExprs_thisaccess(it, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(it, type.kotlinResult.id) + tw.writeHasLocation(it, locId) + tw.writeCallableEnclosingExpr(it, callable) + tw.writeStatementEnclosingExpr(it, enclosingStmt) + } + + private fun extractThisAccess(irType: IrType, callable: Label, parent: Label, idx: Int, enclosingStmt: Label, locId: Label) = + extractThisAccess(useType(irType), callable, parent, idx, enclosingStmt, locId) + + private fun extractThisAccess(e: IrGetValue, thisParamParent: IrDeclarationParent, exprParent: ExprParent, callable: Label) { + val containingDeclaration = declarationStack.peek().first val locId = tw.getLocation(e) - val type = useType(e.type) if (containingDeclaration.shouldExtractAsStatic && containingDeclaration.parentClassOrNull?.isNonCompanionObject == true) { // Use of `this` in a non-companion object member that will be lowered to a static function -- replace with a reference @@ -3288,13 +3847,21 @@ open class KotlinFileExtractor( extractStaticTypeAccessQualifier(containingDeclaration, varAccessId, locId, callable, exprParent.enclosingStmt) } } else { - val id = tw.getFreshIdLabel() + if (thisParamParent is IrFunction) { + val overriddenAttributes = declarationStack.findOverriddenAttributes(thisParamParent) + val replaceWithParamIdx = overriddenAttributes?.valueParameters?.indexOf(e.symbol.owner) + if (replaceWithParamIdx != null && replaceWithParamIdx != -1) { + // Use of 'this' in a function where the dispatch receiver is passed like an ordinary parameter, + // such as a `$default` static function that substitutes in default arguments as needed. + val paramDeclarerId = overriddenAttributes.id ?: useDeclarationParent(thisParamParent, false) + val extensionParamOffset = if (thisParamParent.extensionReceiverParameter != null) 1 else 0 + val replacementParamId = tw.getLabelFor(getValueParameterLabel(paramDeclarerId, replaceWithParamIdx + extensionParamOffset)) + extractVariableAccess(replacementParamId, e.type, locId, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt) + return + } + } - tw.writeExprs_thisaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - tw.writeHasLocation(id, locId) - tw.writeCallableEnclosingExpr(id, callable) - tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt) + val id = extractThisAccess(e.type, callable, exprParent.parent, exprParent.idx, exprParent.enclosingStmt, locId) fun extractTypeAccess(parent: IrClass) { extractTypeAccessRecursive(parent.typeWith(listOf()), locId, id, 0, callable, exprParent.enclosingStmt) @@ -3326,9 +3893,8 @@ open class KotlinFileExtractor( } } - private fun extractVariableAccess(variable: Label?, irType: IrType, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + private fun extractVariableAccess(variable: Label?, type: TypeResults, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = tw.getFreshIdLabel().also { - val type = useType(irType) tw.writeExprs_varaccess(it, type.javaResult.id, parent, idx) tw.writeExprsKotlinType(it, type.kotlinResult.id) tw.writeHasLocation(it, locId) @@ -3340,6 +3906,9 @@ open class KotlinFileExtractor( } } + private fun extractVariableAccess(variable: Label?, irType: IrType, locId: Label, parent: Label, idx: Int, callable: Label, enclosingStmt: Label) = + extractVariableAccess(variable, useType(irType), locId, parent, idx, callable, enclosingStmt) + private fun extractLoop( loop: IrLoop, stmtExprParent: StmtExprParent, @@ -3413,33 +3982,16 @@ open class KotlinFileExtractor( stmtIdx: Int ) { val paramId = tw.getFreshIdLabel() - val paramTypeRes = extractValueParameter(paramId, paramType, paramName, locId, ids.constructor, paramIdx, paramId, isVararg = false, syntheticParameterNames = false) + extractValueParameter(paramId, paramType, paramName, locId, ids.constructor, paramIdx, paramId, syntheticParameterNames = false, isVararg = false, isNoinline = false, isCrossinline = false) - val assignmentStmtId = tw.getFreshIdLabel() - tw.writeStmts_exprstmt(assignmentStmtId, ids.constructorBlock, stmtIdx, ids.constructor) - tw.writeHasLocation(assignmentStmtId, locId) - - val assignmentId = tw.getFreshIdLabel() - tw.writeExprs_assignexpr(assignmentId, paramTypeRes.javaResult.id, assignmentStmtId, 0) - tw.writeExprsKotlinType(assignmentId, paramTypeRes.kotlinResult.id) - writeExpressionMetadataToTrapFile(assignmentId, ids.constructor, assignmentStmtId) - - val lhsId = tw.getFreshIdLabel() - tw.writeExprs_varaccess(lhsId, paramTypeRes.javaResult.id, assignmentId, 0) - tw.writeExprsKotlinType(lhsId, paramTypeRes.kotlinResult.id) - tw.writeVariableBinding(lhsId, fieldId) - writeExpressionMetadataToTrapFile(lhsId, ids.constructor, assignmentStmtId) - - val thisId = tw.getFreshIdLabel() - tw.writeExprs_thisaccess(thisId, ids.type.javaResult.id, lhsId, -1) - tw.writeExprsKotlinType(thisId, ids.type.kotlinResult.id) - writeExpressionMetadataToTrapFile(thisId, ids.constructor, assignmentStmtId) - - val rhsId = tw.getFreshIdLabel() - tw.writeExprs_varaccess(rhsId, paramTypeRes.javaResult.id, assignmentId, 1) - tw.writeExprsKotlinType(rhsId, paramTypeRes.kotlinResult.id) - tw.writeVariableBinding(rhsId, paramId) - writeExpressionMetadataToTrapFile(rhsId, ids.constructor, assignmentStmtId) + extractExpressionStmt(locId, ids.constructorBlock, stmtIdx, ids.constructor).also { assignmentStmtId -> + extractAssignExpr(paramType, locId, assignmentStmtId, 0, ids.constructor, assignmentStmtId).also { assignmentId -> + extractVariableAccess(fieldId, paramType, locId, assignmentId, 0, ids.constructor, assignmentStmtId).also { lhsId -> + extractThisAccess(ids.type, ids.constructor, lhsId, -1, assignmentStmtId, locId) + } + extractVariableAccess(paramId, paramType, locId, assignmentId, 1, ids.constructor, assignmentStmtId) + } + } } } @@ -3497,35 +4049,22 @@ open class KotlinFileExtractor( } protected fun writeThisAccess(parent: Label, callable: Label, stmt: Label) { - val thisId = tw.getFreshIdLabel() - tw.writeExprs_thisaccess(thisId, ids.type.javaResult.id, parent, -1) - tw.writeExprsKotlinType(thisId, ids.type.kotlinResult.id) - writeExpressionMetadataToTrapFile(thisId, callable, stmt) + extractThisAccess(ids.type, callable, parent, -1, stmt, locId) } fun extractFieldWriteOfReflectionTarget( labels: FunctionLabels, // labels of the containing function target: IrFieldSymbol, // the target field being accessed) ) { - // ...; - val exprStmtId = tw.getFreshIdLabel() - tw.writeStmts_exprstmt(exprStmtId, labels.blockId, 0, labels.methodId) - tw.writeHasLocation(exprStmtId, locId) - val fieldType = useType(target.owner.type) - // ... = ... - val assignExprId = tw.getFreshIdLabel() - tw.writeExprs_assignexpr(assignExprId, fieldType.javaResult.id, exprStmtId, 0) - tw.writeExprsKotlinType(assignExprId, fieldType.kotlinResult.id) - writeExpressionMetadataToTrapFile(assignExprId, labels.methodId, exprStmtId) - - // LHS - extractFieldAccess(fieldType, assignExprId, exprStmtId, labels, target) - - // RHS - val p = labels.parameters.first() - writeVariableAccessInFunctionBody(p.second, 1, p.first, assignExprId, labels.methodId, exprStmtId) + extractExpressionStmt(locId, labels.blockId, 0, labels.methodId).also { exprStmtId -> + extractAssignExpr(target.owner.type, locId, exprStmtId, 0, labels.methodId, exprStmtId).also { assignExprId -> + extractFieldAccess(fieldType, assignExprId, exprStmtId, labels, target) + val p = labels.parameters.first() + writeVariableAccessInFunctionBody(p.second, 1, p.first, assignExprId, labels.methodId, exprStmtId) + } + } } fun extractFieldReturnOfReflectionTarget( @@ -3732,9 +4271,11 @@ open class KotlinFileExtractor( * this.dispatchReceiver = dispatchReceiver * } * - * fun get(): R { return this.dispatchReceiver.FN1() } + * override fun get(): R { return this.dispatchReceiver.FN1() } * - * fun set(a0: R): Unit { return this.dispatchReceiver.FN2(a0) } + * override fun set(a0: R): Unit { return this.dispatchReceiver.FN2(a0) } + * + * override fun invoke(): R { return this.get() } * } * ``` * @@ -3771,9 +4312,9 @@ open class KotlinFileExtractor( constructorBlock = tw.getFreshIdLabel() ) - val declarationParent = declarationStack.peekAsDeclarationParent(propertyReferenceExpr) ?: return - val prefix = if (kPropertyClass.owner.name.asString().startsWith("KMutableProperty")) "Mutable" else "" - val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.${prefix}PropertyReference${kPropertyType.arguments.size - 1}"))?.owner?.typeWith() + val declarationParent = peekDeclStackAsDeclarationParent(propertyReferenceExpr) ?: return + // The base class could be `Any`. `PropertyReference` is used to keep symmetry with function references. + val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.PropertyReference"))?.owner?.typeWith() ?: pluginContext.irBuiltIns.anyType val classId = extractGeneratedClass(ids, listOf(baseClass, kPropertyType), locId, propertyReferenceExpr, declarationParent) @@ -3876,10 +4417,16 @@ open class KotlinFileExtractor( callable: Label ) { with("function reference", functionReferenceExpr) { - val target = functionReferenceExpr.reflectionTarget ?: run { - logger.warnElement("Expected to find reflection target for function reference. Using underlying symbol instead.", functionReferenceExpr) - functionReferenceExpr.symbol - } + val target = + if (functionReferenceExpr.origin == IrStatementOrigin.ADAPTED_FUNCTION_REFERENCE) + // For an adaptation (e.g. to adjust the number or type of arguments or results), the symbol field points at the adapter while `.reflectionTarget` points at the source-level target. + functionReferenceExpr.symbol + else + // TODO: Consider whether we could always target the symbol + functionReferenceExpr.reflectionTarget ?: run { + logger.warnElement("Expected to find reflection target for function reference. Using underlying symbol instead.", functionReferenceExpr) + functionReferenceExpr.symbol + } /* * Extract generated class: @@ -3978,12 +4525,15 @@ open class KotlinFileExtractor( if (fnInterfaceType == null) { logger.warnElement("Cannot find functional interface type for function reference", functionReferenceExpr) } else { - val declarationParent = declarationStack.peekAsDeclarationParent(functionReferenceExpr) ?: return + val declarationParent = peekDeclStackAsDeclarationParent(functionReferenceExpr) ?: return // `FunctionReference` base class is required, because that's implementing `KFunction`. val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.FunctionReference"))?.owner?.typeWith() ?: pluginContext.irBuiltIns.anyType - val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent) + val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent, { it.valueParameters.size == 1 }) { + // The argument to FunctionReference's constructor is the function arity. + extractConstantInteger(type.arguments.size - 1, locId, it, 0, ids.constructor, it) + } helper.extractReceiverField() @@ -4086,12 +4636,12 @@ open class KotlinFileExtractor( val parameters = parameterTypes.mapIndexed { idx, p -> val paramId = tw.getFreshIdLabel() - val paramType = extractValueParameter(paramId, p, "a$idx", locId, methodId, idx, paramId, isVararg = false, syntheticParameterNames = false) + val paramType = extractValueParameter(paramId, p, "a$idx", locId, methodId, idx, paramId, syntheticParameterNames = false, isVararg = false, isNoinline = false, isCrossinline = false) Pair(paramId, paramType) } - val paramsSignature = parameters.joinToString(separator = ",", prefix = "(", postfix = ")") { it.second.javaResult.signature } + val paramsSignature = parameters.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.second.javaResult, declarationStack.tryPeek()?.first) } val rt = useType(returnType, TypeContext.RETURN) tw.writeMethods(methodId, name, "$name$paramsSignature", rt.javaResult.id, parentId, methodId) @@ -4101,12 +4651,7 @@ open class KotlinFileExtractor( addModifiers(methodId, "public") addModifiers(methodId, "override") - // Block - val blockId = tw.getFreshIdLabel() - tw.writeStmts_block(blockId, methodId, 0, methodId) - tw.writeHasLocation(blockId, locId) - - return FunctionLabels(methodId, blockId, parameters) + return FunctionLabels(methodId, extractBlockBody(methodId, locId), parameters) } /* @@ -4148,10 +4693,7 @@ open class KotlinFileExtractor( tw.writeCallableBinding(callId, calledMethodId) // this access - val thisId = tw.getFreshIdLabel() - tw.writeExprs_thisaccess(thisId, ids.type.javaResult.id, callId, -1) - tw.writeExprsKotlinType(thisId, ids.type.kotlinResult.id) - extractCommonExpr(thisId) + extractThisAccess(ids.type, funLabels.methodId, callId, -1, retId, locId) addArgumentsToInvocationInInvokeNBody(parameters.map { it.type }, funLabels, retId, callId, locId, ::extractCommonExpr) } @@ -4413,13 +4955,7 @@ open class KotlinFileExtractor( tw.writeExprsKotlinType(initId, at.kotlinResult.id) extractCommonExpr(initId) - val dim = arraySize.toString() - val dimId = tw.getFreshIdLabel() - val dimType = useType(pluginContext.irBuiltIns.intType) - tw.writeExprs_integerliteral(dimId, dimType.javaResult.id, arrayCreationId, 0) - tw.writeExprsKotlinType(dimId, dimType.kotlinResult.id) - extractCommonExpr(dimId) - tw.writeNamestrings(dim, dim, dimId) + extractConstantInteger(arraySize, locId, arrayCreationId, 0, enclosingCallable, enclosingStmt) return initId } @@ -4533,7 +5069,7 @@ open class KotlinFileExtractor( class extends Object implements IntPredicate { Function1 ; public (Function1 ) { this. = ; } - public Boolean accept(Integer i) { return .invoke(i); } + public override Boolean accept(Integer i) { return .invoke(i); } } IntPredicate x = (IntPredicate)new (...); @@ -4546,7 +5082,10 @@ open class KotlinFileExtractor( return } - if (!st.isFunctionOrKFunction() && !st.isSuspendFunctionOrKFunction()) { + fun IrSimpleType.isKProperty() = + classFqName?.asString()?.startsWith("kotlin.reflect.KProperty") == true + + if (!st.isFunctionOrKFunction() && !st.isSuspendFunctionOrKFunction() && !st.isKProperty()) { logger.errorElement("Expected to find expression with function type in SAM conversion.", e) return } @@ -4587,7 +5126,7 @@ open class KotlinFileExtractor( val locId = tw.getLocation(e) val helper = GeneratedClassHelper(locId, ids) - val declarationParent = declarationStack.peekAsDeclarationParent(e) ?: return + val declarationParent = peekDeclStackAsDeclarationParent(e) ?: return val classId = extractGeneratedClass(ids, listOf(pluginContext.irBuiltIns.anyType, e.typeOperand), locId, e, declarationParent) // add field @@ -4611,16 +5150,15 @@ open class KotlinFileExtractor( // we would need to compose generic type substitutions -- for example, if we're implementing // T UnaryOperator.apply(T t) here, we would need to compose substitutions so we can implement // the real underlying R Function.apply(T t). - forceExtractFunction(samMember, classId, extractBody = false, extractMethodAndParameterTypeAccesses = true, typeSub, classTypeArgs, ids.function, tw.getLocation(e)) + forceExtractFunction(samMember, classId, extractBody = false, extractMethodAndParameterTypeAccesses = true, typeSub, classTypeArgs, overriddenAttributes = OverriddenFunctionAttributes(id = ids.function, sourceLoc = tw.getLocation(e))) + addModifiers(ids.function, "override") if (st.isSuspendFunctionOrKFunction()) { addModifiers(ids.function, "suspend") } //body - val blockId = tw.getFreshIdLabel() - tw.writeStmts_block(blockId, ids.function, 0, ids.function) - tw.writeHasLocation(blockId, locId) + val blockId = extractBlockBody(ids.function, locId) //return stmt val returnId = tw.getFreshIdLabel() @@ -4735,7 +5273,9 @@ open class KotlinFileExtractor( superTypes: List, locId: Label, elementToReportOn: IrElement, - declarationParent: IrDeclarationParent + declarationParent: IrDeclarationParent, + superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() }, + extractSuperconstructorArgs: (Label) -> Unit = {} ): Label { // Write class val id = ids.type.javaResult.id.cast() @@ -4760,7 +5300,7 @@ open class KotlinFileExtractor( if (baseClass == null) { logger.warnElement("Cannot find base class", elementToReportOn) } else { - val baseConstructor = baseClass.owner.declarations.findSubType { it.symbol is IrConstructorSymbol } + val baseConstructor = baseClass.owner.declarations.findSubType { it.symbol is IrConstructorSymbol && superConstructorSelector(it) } if (baseConstructor == null) { logger.warnElement("Cannot find base constructor", elementToReportOn) } else { @@ -4771,12 +5311,13 @@ open class KotlinFileExtractor( tw.writeHasLocation(superCallId, locId) tw.writeCallableBinding(superCallId.cast(), baseConstructorId) + extractSuperconstructorArgs(superCallId) } } addModifiers(id, "final") addVisibilityModifierToLocalOrAnonymousClass(id) - extractClassSupertypes(superTypes, listOf(), id, inReceiverContext = true) + extractClassSupertypes(superTypes, listOf(), id, isInterface = false, inReceiverContext = true) extractEnclosingClass(declarationParent, id, null, locId, listOf()) @@ -4784,7 +5325,7 @@ open class KotlinFileExtractor( } /** - * Extracts the class around a local function or a lambda. + * Extracts the class around a local function or a lambda. The superclass must have a no-arg constructor. */ private fun extractGeneratedClass(localFunction: IrFunction, superTypes: List) : Label { with("generated class", localFunction) { @@ -4799,13 +5340,19 @@ open class KotlinFileExtractor( } } - // todo: calculating the enclosing ref type could be done through this, instead of walking up the declaration parent chain - private val declarationStack = DeclarationStack() + private inner class DeclarationStackAdjuster(val declaration: IrDeclaration, val overriddenAttributes: OverriddenFunctionAttributes? = null): Closeable { + init { + declarationStack.push(declaration, overriddenAttributes) + } + override fun close() { + declarationStack.pop() + } + } - private inner class DeclarationStack { - private val stack: Stack = Stack() + class DeclarationStack { + private val stack: Stack> = Stack() - fun push(item: IrDeclaration) = stack.push(item) + fun push(item: IrDeclaration, overriddenAttributes: OverriddenFunctionAttributes?) = stack.push(Pair(item, overriddenAttributes)) fun pop() = stack.pop() @@ -4813,28 +5360,34 @@ open class KotlinFileExtractor( fun peek() = stack.peek() - fun peekAsDeclarationParent(elementToReportOn: IrElement): IrDeclarationParent? { - val trapWriter = tw - if (isEmpty() && trapWriter is SourceFileTrapWriter) { - // If the current declaration is used as a parent, we might end up with an empty stack. In this case, the source file is the parent. - return trapWriter.irFile - } + fun tryPeek() = if (stack.isEmpty()) null else stack.peek() - val dp = peek() as? IrDeclarationParent - if (dp == null) { - logger.errorElement("Couldn't find current declaration parent", elementToReportOn) - } - return dp - } + fun findOverriddenAttributes(f: IrFunction) = + stack.lastOrNull { it.first == f } ?.second + + fun findFirst(f: (Pair) -> Boolean) = + stack.findLast(f) } - private inner class DeclarationStackAdjuster(declaration: IrDeclaration): Closeable { - init { - declarationStack.push(declaration) - } - override fun close() { - declarationStack.pop() + data class OverriddenFunctionAttributes( + val id: Label? = null, + val sourceDeclarationId: Label? = null, + val sourceLoc: Label? = null, + val valueParameters: List? = null, + val typeParameters: List? = null, + val isStatic: Boolean? = null) + + private fun peekDeclStackAsDeclarationParent(elementToReportOn: IrElement): IrDeclarationParent? { + val trapWriter = tw + if (declarationStack.isEmpty() && trapWriter is SourceFileTrapWriter) { + // If the current declaration is used as a parent, we might end up with an empty stack. In this case, the source file is the parent. + return trapWriter.irFile } + + val dp = declarationStack.peek().first as? IrDeclarationParent + if (dp == null) + logger.errorElement("Couldn't find current declaration parent", elementToReportOn) + return dp } private enum class CompilerGeneratedKinds(val kind: Int) { @@ -4846,5 +5399,7 @@ open class KotlinFileExtractor( DELEGATED_PROPERTY_GETTER(6), DELEGATED_PROPERTY_SETTER(7), JVMSTATIC_PROXY_METHOD(8), + JVMOVERLOADS_METHOD(9), + DEFAULT_ARGUMENTS_METHOD(10) } } diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index ffadd6969a2..f7f553f03d9 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -38,7 +38,6 @@ open class KotlinUsesExtractor( val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState ) { - val javaLangObject by lazy { val result = pluginContext.referenceClass(FqName("java.lang.Object"))?.owner result?.let { extractExternalClassLater(it) } @@ -128,18 +127,24 @@ open class KotlinUsesExtractor( return this } + val newDeclarationStack = + if (this is KotlinFileExtractor) + this.declarationStack + else + KotlinFileExtractor.DeclarationStack() + if (clsFile == null || isExternalDeclaration(cls)) { val filePath = getIrClassBinaryPath(cls) val newTrapWriter = tw.makeFileTrapWriter(filePath, true) val newLoggerTrapWriter = logger.tw.makeFileTrapWriter(filePath, false) val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter) - return KotlinFileExtractor(newLogger, newTrapWriter, filePath, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, globalExtensionState) + return KotlinFileExtractor(newLogger, newTrapWriter, null, filePath, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) } val newTrapWriter = tw.makeSourceFileTrapWriter(clsFile, true) val newLoggerTrapWriter = logger.tw.makeSourceFileTrapWriter(clsFile, false) val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter) - return KotlinFileExtractor(newLogger, newTrapWriter, clsFile.path, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, globalExtensionState) + return KotlinFileExtractor(newLogger, newTrapWriter, null, clsFile.path, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) } // The Kotlin compiler internal representation of Outer.Inner.InnerInner is InnerInner. This function returns just `R`. @@ -205,10 +210,6 @@ open class KotlinUsesExtractor( // `typeArgs` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun useClassInstance(c: IrClass, typeArgs: List?, inReceiverContext: Boolean = false): UseClassInstanceResult { - if (c.isAnonymousObject) { - logger.error("Unexpected access to anonymous class instance") - } - val substituteClass = getJavaEquivalentClass(c) val extractClass = substituteClass ?: c @@ -406,24 +407,18 @@ open class KotlinUsesExtractor( if (replacedArgsIncludingOuterClasses == null || replacedArgsIncludingOuterClasses.isNotEmpty()) { // If this is a generic type instantiation or a raw type then it has no // source entity, so we need to extract it here - val extractorWithCSource by lazy { this.withFileOfClass(replacedClass) } - - if (!instanceSeenBefore) { - extractorWithCSource.extractClassInstance(replacedClass, replacedArgsIncludingOuterClasses) - } - - if (inReceiverContext && tw.lm.genericSpecialisationsExtracted.add(classLabelResult.classLabel)) { - val supertypeMode = if (replacedArgsIncludingOuterClasses == null) ExtractSupertypesMode.Raw else ExtractSupertypesMode.Specialised(replacedArgsIncludingOuterClasses) - extractorWithCSource.extractClassSupertypes(replacedClass, classLabel, supertypeMode, true) - extractorWithCSource.extractNonPrivateMemberPrototypes(replacedClass, replacedArgsIncludingOuterClasses, classLabel) + val shouldExtractClassDetails = inReceiverContext && tw.lm.genericSpecialisationsExtracted.add(classLabelResult.classLabel) + if (!instanceSeenBefore || shouldExtractClassDetails) { + this.withFileOfClass(replacedClass).extractClassInstance(classLabel, replacedClass, replacedArgsIncludingOuterClasses, !instanceSeenBefore, shouldExtractClassDetails) } } val fqName = replacedClass.fqNameWhenAvailable - val signature = if (fqName == null) { + val signature = if (replacedClass.isAnonymousObject) { + null + } else if (fqName == null) { logger.error("Unable to find signature/fqName for ${replacedClass.name}") - // TODO: Should we return null here instead? - "" + null } else { fqName.asString() } @@ -467,7 +462,7 @@ open class KotlinUsesExtractor( } } - fun useAnonymousClass(c: IrClass) = + private fun useAnonymousClass(c: IrClass) = tw.lm.anonymousTypeMapping.getOrPut(c) { TypeResults( TypeResult(tw.getFreshIdLabel(), "", ""), @@ -475,14 +470,6 @@ open class KotlinUsesExtractor( ) } - fun getExistingAnonymousClassLabel(c: IrClass): Label? { - if (!c.isAnonymousObject){ - return null - } - - return tw.lm.anonymousTypeMapping[c]?.javaResult?.id - } - fun fakeKotlinType(): Label { val fakeKotlinPackageId: Label = tw.getLabelFor("@\"FakeKotlinPackage\"", { tw.writePackages(it, "fake.kotlin") @@ -499,16 +486,6 @@ open class KotlinUsesExtractor( // `args` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun useSimpleTypeClass(c: IrClass, args: List?, hasQuestionMark: Boolean): TypeResults { - if (c.isAnonymousObject) { - args?.let { - if (it.isNotEmpty() && !isUnspecialised(c, it, logger)) { - logger.error("Unexpected specialised instance of generic anonymous class") - } - } - - return useAnonymousClass(c) - } - val classInstanceResult = useClassInstance(c, args) val javaClassId = classInstanceResult.typeResult.id val kotlinQualClassName = getUnquotedClassLabel(c, args).classLabel @@ -653,6 +630,26 @@ open class KotlinUsesExtractor( RETURN, GENERIC_ARGUMENT, OTHER } + private fun isOnDeclarationStackWithoutTypeParameters(f: IrFunction) = + this is KotlinFileExtractor && this.declarationStack.findOverriddenAttributes(f)?.typeParameters?.isEmpty() == true + + private fun isStaticFunctionOnStackBeforeClass(c: IrClass) = + this is KotlinFileExtractor && (this.declarationStack.findFirst { it.first == c || it.second?.isStatic == true })?.second?.isStatic == true + + private fun isUnavailableTypeParameter(t: IrType) = + t is IrSimpleType && t.classifier.owner.let { owner -> + owner is IrTypeParameter && owner.parent.let { parent -> + when (parent) { + is IrFunction -> isOnDeclarationStackWithoutTypeParameters(parent) + is IrClass -> isStaticFunctionOnStackBeforeClass(parent) + else -> false + } + } + } + + private fun argIsUnavailableTypeParameter(t: IrTypeArgument) = + t is IrTypeProjection && isUnavailableTypeParameter(t.type) + private fun useSimpleType(s: IrSimpleType, context: TypeContext): TypeResults { if (s.abbreviation != null) { // TODO: Extract this information @@ -724,11 +721,13 @@ open class KotlinUsesExtractor( } owner is IrClass -> { - val args = if (s.isRawType()) null else s.arguments + val args = if (s.isRawType() || s.arguments.any { argIsUnavailableTypeParameter(it) }) null else s.arguments return useSimpleTypeClass(owner, args, s.isNullable()) } owner is IrTypeParameter -> { + if (isUnavailableTypeParameter(s)) + return useType(erase(s), context) val javaResult = useTypeParameter(owner) val aClassId = makeClass("kotlin", "TypeParam") // TODO: Wrong val kotlinResult = if (true) TypeResult(fakeKotlinType(), "TODO", "TODO") else @@ -775,7 +774,7 @@ open class KotlinUsesExtractor( extractFileClass(dp) } is IrClass -> - if (classTypeArguments != null && !dp.isAnonymousObject) { + if (classTypeArguments != null) { useClassInstance(dp, classTypeArguments, inReceiverContext).typeResult.id } else { val replacedType = tryReplaceParcelizeRawType(dp) @@ -924,7 +923,7 @@ open class KotlinUsesExtractor( private val jvmWildcardAnnotation = FqName("kotlin.jvm.JvmWildcard") - private val jvmWildcardSuppressionAnnotaton = FqName("kotlin.jvm.JvmSuppressWildcards") + private val jvmWildcardSuppressionAnnotation = FqName("kotlin.jvm.JvmSuppressWildcards") private fun arrayExtendsAdditionAllowed(t: IrSimpleType): Boolean = // Note the array special case includes Array<*>, which does permit adding `? extends ...` (making `? extends Object[]` in that case) @@ -957,7 +956,7 @@ open class KotlinUsesExtractor( when { t.hasAnnotation(jvmWildcardAnnotation) -> true !addByDefault -> false - t.hasAnnotation(jvmWildcardSuppressionAnnotaton) -> false + t.hasAnnotation(jvmWildcardSuppressionAnnotation) -> false v == Variance.IN_VARIANCE -> !(t.isNullableAny() || t.isAny()) v == Variance.OUT_VARIANCE -> extendsAdditionAllowed(t) else -> false @@ -1027,16 +1026,20 @@ open class KotlinUsesExtractor( * looked up the parent ID ourselves, we would get as ID for * `java.lang.Throwable`, which isn't what we want. So we have to * allow it to be passed in. - */ + * + * `maybeParameterList` can be supplied to override the function's + * value parameters; this is used for generating labels of overloads + * that omit one or more parameters that has a default value specified. + */ @OptIn(ObsoleteDescriptorBasedAPI::class) - fun getFunctionLabel(f: IrFunction, maybeParentId: Label?, classTypeArgsIncludingOuterClasses: List?) = + fun getFunctionLabel(f: IrFunction, maybeParentId: Label?, classTypeArgsIncludingOuterClasses: List?, maybeParameterList: List? = null) = getFunctionLabel( f.parent, maybeParentId, getFunctionShortName(f).nameInDB, - f.valueParameters, + (maybeParameterList ?: f.valueParameters).map { it.type }, getAdjustedReturnType(f), - f.extensionReceiverParameter, + f.extensionReceiverParameter?.type, getFunctionTypeParameters(f), classTypeArgsIncludingOuterClasses, overridesCollectionsMethodWithAlteredParameterTypes(f), @@ -1058,12 +1061,12 @@ open class KotlinUsesExtractor( maybeParentId: Label?, // The name of the function; normally f.name.asString(). name: String, - // The value parameters that the functions takes; normally f.valueParameters. - parameters: List, + // The types of the value parameters that the functions takes; normally f.valueParameters.map { it.type }. + parameterTypes: List, // The return type of the function; normally f.returnType. returnType: IrType, - // The extension receiver of the function, if any; normally f.extensionReceiverParameter. - extensionReceiverParameter: IrValueParameter?, + // The extension receiver of the function, if any; normally f.extensionReceiverParameter?.type. + extensionParamType: IrType?, // The type parameters of the function. This does not include type parameters of enclosing classes. functionTypeParameters: List, // The type arguments of enclosing classes of the function. @@ -1080,11 +1083,7 @@ open class KotlinUsesExtractor( prefix: String = "callable" ): String { val parentId = maybeParentId ?: useDeclarationParent(parent, false, classTypeArgsIncludingOuterClasses, true) - val allParams = if (extensionReceiverParameter == null) { - parameters - } else { - listOf(extensionReceiverParameter) + parameters - } + val allParamTypes = if (extensionParamType == null) parameterTypes else listOf(extensionParamType) + parameterTypes val substitutionMap = classTypeArgsIncludingOuterClasses?.let { notNullArgs -> if (notNullArgs.isEmpty()) { @@ -1094,11 +1093,11 @@ open class KotlinUsesExtractor( enclosingClass?.let { notNullClass -> makeTypeGenericSubstitutionMap(notNullClass, notNullArgs) } } } - val getIdForFunctionLabel = { it: IndexedValue -> + val getIdForFunctionLabel = { it: IndexedValue -> // Kotlin rewrites certain Java collections types adding additional generic constraints-- for example, // Collection.remove(Object) because Collection.remove(Collection::E) in the Kotlin universe. // If this has happened, erase the type again to get the correct Java signature. - val maybeAmendedForCollections = if (overridesCollectionsMethod) eraseCollectionsMethodParameterType(it.value.type, name, it.index) else it.value.type + val maybeAmendedForCollections = if (overridesCollectionsMethod) eraseCollectionsMethodParameterType(it.value, name, it.index) else it.value // Add any wildcard types that the Kotlin compiler would add in the Java lowering of this function: val withAddedWildcards = addJavaLoweringWildcards(maybeAmendedForCollections, addParameterWildcardsByDefault, javaSignature?.let { sig -> getJavaValueParameterType(sig, it.index) }) // Now substitute any class type parameters in: @@ -1108,7 +1107,7 @@ open class KotlinUsesExtractor( val maybeErased = if (functionTypeParameters.isEmpty()) maybeSubbed else erase(maybeSubbed) "{${useType(maybeErased).javaResult.id}}" } - val paramTypeIds = allParams.withIndex().joinToString(separator = ",", transform = getIdForFunctionLabel) + val paramTypeIds = allParamTypes.withIndex().joinToString(separator = ",", transform = getIdForFunctionLabel) val labelReturnType = if (name == "") pluginContext.irBuiltIns.unitType @@ -1205,9 +1204,9 @@ open class KotlinUsesExtractor( } fun hasWildcardSuppressionAnnotation(d: IrDeclaration) = - d.hasAnnotation(jvmWildcardSuppressionAnnotaton) || + d.hasAnnotation(jvmWildcardSuppressionAnnotation) || // Note not using `parentsWithSelf` as that only works if `d` is an IrDeclarationParent - d.parents.any { (it as? IrAnnotationContainer)?.hasAnnotation(jvmWildcardSuppressionAnnotaton) == true } + d.parents.any { (it as? IrAnnotationContainer)?.hasAnnotation(jvmWildcardSuppressionAnnotation) == true } /** * Class to hold labels for generated classes around local functions, lambdas, function references, and property references. @@ -1258,13 +1257,6 @@ open class KotlinUsesExtractor( return tw.lm.locallyVisibleFunctionLabelMapping[f]?.function } - // These are classes with Java equivalents, but whose methods don't all exist on those Java equivalents-- - // for example, the numeric classes define arithmetic functions (Int.plus, Long.or and so on) that lower to - // primitive arithmetic on the JVM, but which we extract as calls to reflect the source syntax more closely. - private val expectedMissingEquivalents = setOf( - "kotlin.Boolean", "kotlin.Byte", "kotlin.Char", "kotlin.Double", "kotlin.Float", "kotlin.Int", "kotlin.Long", "kotlin.Number", "kotlin.Short" - ) - private fun kotlinFunctionToJavaEquivalent(f: IrFunction, noReplace: Boolean): IrFunction = if (noReplace) f @@ -1272,20 +1264,18 @@ open class KotlinUsesExtractor( f.parentClassOrNull?.let { parentClass -> getJavaEquivalentClass(parentClass)?.let { javaClass -> if (javaClass != parentClass) { - val jvmName = getJvmName(f) ?: f.name.asString() + var jvmName = getFunctionShortName(f).nameInDB + if (f.name.asString() == "get" && parentClass.fqNameWhenAvailable?.asString() == "kotlin.String") { + // `kotlin.String.get` has an equivalent `java.lang.String.get`, which in turn will be stored in the DB as `java.lang.String.charAt`. + // Maybe all operators should be handled the same way, but so far I only found this case that needed to be special cased. This is the + // only operator in `JvmNames.specialFunctions` + jvmName = "get" + } // Look for an exact type match... javaClass.declarations.findSubType { decl -> decl.name.asString() == jvmName && decl.valueParameters.size == f.valueParameters.size && - // Note matching by classifier not the whole type so that generic arguments are allowed to differ, - // as they always will for method type parameters occurring in parameter types (e.g. toArray(T[] array) - // Differing only by nullability would also be insignificant if it came up. - decl.valueParameters.zip(f.valueParameters).all { p -> p.first.type.classifierOrNull == p.second.type.classifierOrNull } - } ?: - // Or if there is none, look for the only viable overload - javaClass.declarations.singleOrNullSubType { decl -> - decl.name.asString() == jvmName && - decl.valueParameters.size == f.valueParameters.size + decl.valueParameters.zip(f.valueParameters).all { p -> erase(p.first.type).classifierOrNull == erase(p.second.type).classifierOrNull } } ?: // Or check property accessors: (f.propertyIfAccessor as? IrProperty)?.let { kotlinProp -> @@ -1299,9 +1289,7 @@ open class KotlinUsesExtractor( else null } ?: run { val parentFqName = parentClass.fqNameWhenAvailable?.asString() - if (!expectedMissingEquivalents.contains(parentFqName)) { - logger.warn("Couldn't find a Java equivalent function to $parentFqName.${f.name} in ${javaClass.fqNameWhenAvailable}") - } + logger.warn("Couldn't find a Java equivalent function to $parentFqName.${f.name.asString()} in ${javaClass.fqNameWhenAvailable?.asString()}") null } } @@ -1310,6 +1298,12 @@ open class KotlinUsesExtractor( } } ?: f + fun isPrivate(d: IrDeclaration) = + when(d) { + is IrDeclarationWithVisibility -> d.visibility.let { it == DescriptorVisibilities.PRIVATE || it == DescriptorVisibilities.PRIVATE_TO_THIS } + else -> false + } + fun useFunction(f: IrFunction, classTypeArgsIncludingOuterClasses: List? = null, noReplace: Boolean = false): Label { return useFunction(f, null, classTypeArgsIncludingOuterClasses, noReplace) } @@ -1321,7 +1315,9 @@ open class KotlinUsesExtractor( } val javaFun = kotlinFunctionToJavaEquivalent(f, noReplace) val label = getFunctionLabel(javaFun, parentId, classTypeArgsIncludingOuterClasses) - val id: Label = tw.getLabelFor(label) + val id: Label = tw.getLabelFor(label) { + extractPrivateSpecialisedDeclaration(f, classTypeArgsIncludingOuterClasses) + } if (isExternalDeclaration(javaFun)) { extractFunctionLaterIfExternalFileMember(javaFun) extractExternalEnclosingClassLater(javaFun) @@ -1329,6 +1325,19 @@ open class KotlinUsesExtractor( return id } + private fun extractPrivateSpecialisedDeclaration(d: IrDeclaration, classTypeArgsIncludingOuterClasses: List?) { + // Note here `classTypeArgsIncludingOuterClasses` being null doesn't signify a raw receiver type but rather that no type args were supplied. + // This is because a call to a private method can only be observed inside Kotlin code, and Kotlin can't represent raw types. + if (this is KotlinFileExtractor && isPrivate(d) && classTypeArgsIncludingOuterClasses != null && classTypeArgsIncludingOuterClasses.isNotEmpty()) { + d.parent.let { + when(it) { + is IrClass -> this.extractDeclarationPrototype(d, useClassInstance(it, classTypeArgsIncludingOuterClasses).typeResult.id, classTypeArgsIncludingOuterClasses) + else -> logger.warnElement("Unable to extract specialised declaration that isn't a member of a class", d) + } + } + } + } + fun getTypeArgumentLabel( arg: IrTypeArgument ): TypeResultWithoutSignature { @@ -1384,20 +1393,24 @@ open class KotlinUsesExtractor( private fun getUnquotedClassLabel(c: IrClass, argsIncludingOuterClasses: List?): ClassLabelResults { val pkg = c.packageFqName?.asString() ?: "" val cls = c.name.asString() - val label = when (val parent = c.parent) { - is IrClass -> { - "${getUnquotedClassLabel(parent, listOf()).classLabel}\$$cls" - } - is IrFunction -> { - "{${useFunction(parent)}}.$cls" - } - is IrField -> { - "{${useField(parent)}}.$cls" - } - else -> { - if (pkg.isEmpty()) cls else "$pkg.$cls" - } - } + val label = + if (c.isAnonymousObject) + "{${useAnonymousClass(c).javaResult.id}}" + else + when (val parent = c.parent) { + is IrClass -> { + "${getUnquotedClassLabel(parent, listOf()).classLabel}\$$cls" + } + is IrFunction -> { + "{${useFunction(parent)}}.$cls" + } + is IrField -> { + "{${useField(parent)}}.$cls" + } + else -> { + if (pkg.isEmpty()) cls else "$pkg.$cls" + } + } val reorderedArgs = orderTypeArgsLeftToRight(c, argsIncludingOuterClasses) val typeArgLabels = reorderedArgs?.map { getTypeArgumentLabel(it) } @@ -1408,20 +1421,17 @@ open class KotlinUsesExtractor( "" else typeArgLabels.takeLast(c.typeParameters.size).joinToString(prefix = "<", postfix = ">", separator = ",") { it.shortName } + val shortNamePrefix = if (c.isAnonymousObject) "" else cls return ClassLabelResults( label + (typeArgLabels?.joinToString(separator = "") { ";{${it.id}}" } ?: "<>"), - cls + typeArgsShortName + shortNamePrefix + typeArgsShortName ) } // `args` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun getClassLabel(c: IrClass, argsIncludingOuterClasses: List?): ClassLabelResults { - if (c.isAnonymousObject) { - logger.error("Label generation should not be requested for an anonymous class") - } - val unquotedLabel = getUnquotedClassLabel(c, argsIncludingOuterClasses) return ClassLabelResults( "@\"class;${unquotedLabel.classLabel}\"", @@ -1429,10 +1439,6 @@ open class KotlinUsesExtractor( } fun useClassSource(c: IrClass): Label { - if (c.isAnonymousObject) { - return useAnonymousClass(c).javaResult.id.cast() - } - // For source classes, the label doesn't include any type arguments val classTypeResult = addClassLabel(c, listOf()) return classTypeResult.id @@ -1440,6 +1446,12 @@ open class KotlinUsesExtractor( fun getTypeParameterParentLabel(param: IrTypeParameter) = param.parent.let { + (it as? IrFunction)?.let { fn -> + if (this is KotlinFileExtractor) + this.declarationStack.findOverriddenAttributes(fn)?.id + else + null + } ?: when (it) { is IrClass -> useClassSource(it) is IrFunction -> useFunction(it, noReplace = true) @@ -1492,10 +1504,10 @@ open class KotlinUsesExtractor( * Argument `inReceiverContext` will be passed onto the `useClassInstance` invocation for each supertype. */ fun extractClassSupertypes(c: IrClass, id: Label, mode: ExtractSupertypesMode = ExtractSupertypesMode.Unbound, inReceiverContext: Boolean = false) { - extractClassSupertypes(c.superTypes, c.typeParameters, id, mode, inReceiverContext) + extractClassSupertypes(c.superTypes, c.typeParameters, id, c.isInterfaceLike, mode, inReceiverContext) } - fun extractClassSupertypes(superTypes: List, typeParameters: List, id: Label, mode: ExtractSupertypesMode = ExtractSupertypesMode.Unbound, inReceiverContext: Boolean = false) { + fun extractClassSupertypes(superTypes: List, typeParameters: List, id: Label, isInterface: Boolean, mode: ExtractSupertypesMode = ExtractSupertypesMode.Unbound, inReceiverContext: Boolean = false) { // Note we only need to substitute type args here because it is illegal to directly extend a type variable. // (For example, we can't have `class A : E`, but can have `class A : Comparable`) val subbedSupertypes = when(mode) { @@ -1510,12 +1522,15 @@ open class KotlinUsesExtractor( for(t in subbedSupertypes) { when(t) { is IrSimpleType -> { - val owner = t.classifier.owner - when (owner) { + when (val owner = t.classifier.owner) { is IrClass -> { val typeArgs = if (t.arguments.isNotEmpty() && mode is ExtractSupertypesMode.Raw) null else t.arguments val l = useClassInstance(owner, typeArgs, inReceiverContext).typeResult.id - tw.writeExtendsReftype(id, l) + if (isInterface || !owner.isInterfaceLike) { + tw.writeExtendsReftype(id, l) + } else { + tw.writeImplInterface(id.cast(), l.cast()) + } } else -> { logger.error("Unexpected simple type supertype: " + t.javaClass + ": " + t.render()) @@ -1544,7 +1559,7 @@ open class KotlinUsesExtractor( * Note that `Array` is retained (with `T` itself erased) because these are expected to be lowered to Java * arrays, which are not generic. */ - private fun erase (t: IrType): IrType { + fun erase (t: IrType): IrType { if (t is IrSimpleType) { val classifier = t.classifier val owner = classifier.owner @@ -1571,26 +1586,38 @@ open class KotlinUsesExtractor( private fun eraseTypeParameter(t: IrTypeParameter) = erase(t.superTypes[0]) + fun getValueParameterLabel(parentId: Label?, idx: Int) = "@\"params;{$parentId};$idx\"" + /** * Gets the label for `vp` in the context of function instance `parent`, or in that of its declaring function if * `parent` is null. */ fun getValueParameterLabel(vp: IrValueParameter, parent: Label?): String { val declarationParent = vp.parent - val parentId = parent ?: useDeclarationParent(declarationParent, false) + val overriddenParentAttributes = (declarationParent as? IrFunction)?.let { + // Note the check 'vp.fileOrNull?.path == this.filePath' should never actually do anything, since references + // to a value parameter should always come from within the same .kt file. + if (this is KotlinFileExtractor && vp.fileOrNull?.path == this.filePath) + this.declarationStack.findOverriddenAttributes(it) + else + null + } + val parentId = parent ?: overriddenParentAttributes?.id ?: useDeclarationParent(declarationParent, false) - val idx = if (declarationParent is IrFunction && declarationParent.extensionReceiverParameter != null) + val idxBase = overriddenParentAttributes?.valueParameters?.indexOf(vp) ?: vp.index + val idxOffset = if (declarationParent is IrFunction && declarationParent.extensionReceiverParameter != null) // For extension functions increase the index to match what the java extractor sees: - vp.index + 1 + 1 else - vp.index + 0 + val idx = idxBase + idxOffset if (idx < 0) { // We're not extracting this and this@TYPE parameters of functions: logger.error("Unexpected negative index for parameter") } - return "@\"params;{$parentId};$idx\"" + return getValueParameterLabel(parentId, idx) } @@ -1652,12 +1679,15 @@ open class KotlinUsesExtractor( val returnType = getter?.returnType ?: setter?.valueParameters?.singleOrNull()?.type ?: pluginContext.irBuiltIns.unitType val typeParams = getFunctionTypeParameters(func) - getFunctionLabel(p.parent, parentId, p.name.asString(), listOf(), returnType, ext, typeParams, classTypeArgsIncludingOuterClasses, overridesCollectionsMethod = false, javaSignature = null, addParameterWildcardsByDefault = false, prefix = "property") + getFunctionLabel(p.parent, parentId, p.name.asString(), listOf(), returnType, ext.type, typeParams, classTypeArgsIncludingOuterClasses, overridesCollectionsMethod = false, javaSignature = null, addParameterWildcardsByDefault = false, prefix = "property") } } - fun useProperty(p: IrProperty, parentId: Label, classTypeArgsIncludingOuterClasses: List?): Label = - tw.getLabelFor(getPropertyLabel(p, parentId, classTypeArgsIncludingOuterClasses)).also { extractPropertyLaterIfExternalFileMember(p) } + fun useProperty(p: IrProperty, parentId: Label, classTypeArgsIncludingOuterClasses: List?) = + tw.getLabelFor(getPropertyLabel(p, parentId, classTypeArgsIncludingOuterClasses)) { + extractPropertyLaterIfExternalFileMember(p) + extractPrivateSpecialisedDeclaration(p, classTypeArgsIncludingOuterClasses) + } fun getEnumEntryLabel(ee: IrEnumEntry): String { val parentId = useDeclarationParent(ee.parent, false) diff --git a/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt new file mode 100644 index 00000000000..8fb8869443e --- /dev/null +++ b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt @@ -0,0 +1,127 @@ +package com.github.codeql + +import com.github.codeql.utils.versions.Psi2Ir +import com.intellij.psi.PsiComment +import com.intellij.psi.PsiElement +import com.intellij.psi.PsiWhiteSpace +import org.jetbrains.kotlin.ir.IrElement +import org.jetbrains.kotlin.ir.declarations.* +import org.jetbrains.kotlin.kdoc.psi.api.KDocElement +import org.jetbrains.kotlin.psi.KtCodeFragment +import org.jetbrains.kotlin.psi.KtVisitor + +class LinesOfCode( + val logger: FileLogger, + val tw: FileTrapWriter, + val file: IrFile +) { + val psi2Ir = Psi2Ir(logger) + + fun linesOfCodeInFile(id: Label) { + val ktFile = psi2Ir.getKtFile(file) + if (ktFile == null) { + return + } + linesOfCodeInPsi(id, ktFile, file) + } + + fun linesOfCodeInDeclaration(d: IrDeclaration, id: Label) { + val p = psi2Ir.findPsiElement(d, file) + if (p == null) { + return + } + linesOfCodeInPsi(id, p, d) + } + + private fun linesOfCodeInPsi(id: Label, root: PsiElement, e: IrElement) { + val document = root.getContainingFile().getViewProvider().getDocument() + if (document == null) { + logger.errorElement("Cannot find document for PSI", e) + tw.writeNumlines(id, 0, 0, 0) + return + } + + val rootRange = root.getTextRange() + val rootFirstLine = document.getLineNumber(rootRange.getStartOffset()) + val rootLastLine = document.getLineNumber(rootRange.getEndOffset()) + if (rootLastLine < rootFirstLine) { + logger.errorElement("PSI ends before it starts", e) + tw.writeNumlines(id, 0, 0, 0) + return + } + val numLines = 1 + rootLastLine - rootFirstLine + val lineContents = Array(numLines) { LineContent() } + + val visitor = + object : KtVisitor() { + override fun visitElement(element: PsiElement) { + val isComment = element is PsiComment + // Comments may include nodes that aren't PsiComments, + // so we don't want to visit them or we'll think they + // are code. + if (!isComment) { + element.acceptChildren(this) + } + + if (element is PsiWhiteSpace) { + return + } + // Leaf nodes are assumed to be tokens, and + // therefore we count any lines that they are on. + // For comments, we actually need to look at the + // outermost node, as the leaves of KDocs don't + // necessarily cover all lines. + if (isComment || element.getChildren().size == 0) { + val range = element.getTextRange() + val startOffset = range.getStartOffset() + val endOffset = range.getEndOffset() + // The PSI doesn't seem to have anything like + // the IR's UNDEFINED_OFFSET and SYNTHETIC_OFFSET, + // but < 0 still seem to represent bad/unknown + // locations. + if (startOffset < 0 || endOffset < 0) { + logger.errorElement("PSI has negative offset", e) + return + } + if (startOffset > endOffset) { + return + } + // We might get e.g. an import list for a file + // with no imports, which claims to have start + // and end offsets of 0. Anything of 0 width + // we therefore just skip. + if (startOffset == endOffset) { + return + } + val firstLine = document.getLineNumber(startOffset) + val lastLine = document.getLineNumber(endOffset) + if (firstLine < rootFirstLine) { + logger.errorElement("PSI element starts before root", e) + return + } else if (lastLine > rootLastLine) { + logger.errorElement("PSI element ends after root", e) + return + } + for (line in firstLine..lastLine) { + val lineContent = lineContents[line - rootFirstLine] + if (isComment) { + lineContent.containsComment = true + } else { + lineContent.containsCode = true + } + } + } + } + } + root.accept(visitor) + val total = lineContents.size + val code = lineContents.count { it.containsCode } + val comment = lineContents.count { it.containsComment } + tw.writeNumlines(id, total, code, comment) + } + + private class LineContent { + var containsComment = false + var containsCode = false + } +} diff --git a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt index eb09685905c..cae3174ecbd 100644 --- a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt @@ -127,12 +127,7 @@ class CommentExtractor(private val fileExtractor: KotlinFileExtractor, private v // local functions are not named globally, so we need to get them from the local function label cache label = "local function ${element.name.asString()}" fileExtractor.getExistingLocallyVisibleFunctionLabel(element) - } else if (element is IrClass && element.isAnonymousObject) { - // anonymous objects are not named globally, so we need to get them from the cache - label = "anonymous class ${element.name.asString()}" - fileExtractor.getExistingAnonymousClassLabel(element) - } - else { + } else { label = getLabelForNamedElement(element) ?: return null tw.getExistingLabelFor(label) } @@ -145,12 +140,7 @@ class CommentExtractor(private val fileExtractor: KotlinFileExtractor, private v private fun getLabelForNamedElement(element: IrElement) : String? { when (element) { - is IrClass -> - return if (element.isAnonymousObject) { - null - } else { - fileExtractor.getClassLabel(element, listOf()).classLabel - } + is IrClass -> return fileExtractor.getClassLabel(element, listOf()).classLabel is IrTypeParameter -> return fileExtractor.getTypeParameterLabel(element) is IrFunction -> { return if (element.isLocalFunction()) { diff --git a/java/kotlin-extractor/src/main/kotlin/utils/Helpers.kt b/java/kotlin-extractor/src/main/kotlin/utils/Helpers.kt index c1f498beda2..563845cbb23 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/Helpers.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/Helpers.kt @@ -1,8 +1,12 @@ package com.github.codeql.utils +import org.jetbrains.kotlin.descriptors.ClassKind import org.jetbrains.kotlin.descriptors.DescriptorVisibilities +import org.jetbrains.kotlin.ir.declarations.IrClass import org.jetbrains.kotlin.ir.declarations.IrFunction fun IrFunction.isLocalFunction(): Boolean { return this.visibility == DescriptorVisibilities.LOCAL -} \ No newline at end of file +} + +val IrClass.isInterfaceLike get() = kind == ClassKind.INTERFACE || kind == ClassKind.ANNOTATION_CLASS \ No newline at end of file diff --git a/java/kotlin-extractor/src/main/kotlin/utils/Iterable.kt b/java/kotlin-extractor/src/main/kotlin/utils/Iterable.kt index c21c4729d40..266710a5afe 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/Iterable.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/Iterable.kt @@ -12,15 +12,3 @@ inline fun Iterable.findSubType( ): S? { return this.find { it is S && predicate(it) } as S? } - -/** - * This behaves the same as Iterable.singleOrNull, but - * requires that the value found is of the subtype S, and it casts - * the result for you appropriately. - */ -inline fun Iterable.singleOrNullSubType( - predicate: (S) -> Boolean -): S? { - return this.singleOrNull { it is S && predicate(it) } as S? -} - diff --git a/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt b/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt index 428c7dab718..85bbf728b47 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt @@ -12,7 +12,7 @@ package com.github.codeql * `shortName` is a Java primitive name (e.g. "int"), a class short name with Java-style type arguments ("InnerClass" or * "OuterClass" or "OtherClass") or an array ("componentShortName[]"). */ -data class TypeResultGeneric(val id: Label, val signature: SignatureType, val shortName: String) { +data class TypeResultGeneric(val id: Label, val signature: SignatureType?, val shortName: String) { fun cast(): TypeResultGeneric { @Suppress("UNCHECKED_CAST") return this as TypeResultGeneric diff --git a/java/ql/consistency-queries/javaEquivalent.ql b/java/ql/consistency-queries/javaEquivalent.ql new file mode 100644 index 00000000000..009f6eb3b4f --- /dev/null +++ b/java/ql/consistency-queries/javaEquivalent.ql @@ -0,0 +1,6 @@ +import java +import semmle.code.java.Diagnostics + +from Diagnostic d +where exists(d.getMessage().indexOf("Couldn't find a Java equivalent function to ")) +select d diff --git a/java/ql/consistency-queries/visibility.ql b/java/ql/consistency-queries/visibility.ql index 1b6744cea1d..eea402017d5 100644 --- a/java/ql/consistency-queries/visibility.ql +++ b/java/ql/consistency-queries/visibility.ql @@ -10,6 +10,8 @@ string visibility(Method m) { result = "internal" and m.isInternal() } +predicate hasPackagePrivateVisibility(Method m) { not exists(visibility(m)) } + // TODO: This ought to check more than just methods from Method m where @@ -19,5 +21,6 @@ where // TODO: This ought to have visibility information not m.getName() = "" and count(visibility(m)) != 1 and - not (count(visibility(m)) = 2 and visibility(m) = "public" and visibility(m) = "internal") // This is a reasonable result, since the JVM symbol is declared public, but Kotlin metadata flags it as internal + not (count(visibility(m)) = 2 and visibility(m) = "public" and visibility(m) = "internal") and // This is a reasonable result, since the JVM symbol is declared public, but Kotlin metadata flags it as internal + not (hasPackagePrivateVisibility(m) and m.getName().matches("%$default")) // This is a reasonable result because the $default forwarder methods corresponding to private methods are package-private. select m, concat(visibility(m), ", ") diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected index 183abf9a986..fa16a8a7d81 100644 --- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected +++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected @@ -1,2 +1,3 @@ | CodeQL Kotlin extractor | 2 | | IrProperty without a getter | d.kt:0:0:0:0 | d.kt:0:0:0:0 | -| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for: Boolean -1.0-0- -1.0-0-null test-db/trap/java/classes/kotlin/Boolean.members.trap.gz | file://:0:0:0:0 | file://:0:0:0:0 | +| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for test-db/trap/java/classes/java/lang/Boolean.members/Boolean.members--kotlin.trap.gz as it exists | file://:0:0:0:0 | file://:0:0:0:0 | +| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for test-db/trap/java/classes/kotlin/Boolean.members/Boolean.members--null.trap.gz as it exists | file://:0:0:0:0 | file://:0:0:0:0 | diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql index 57ec32bb048..94e2c43d437 100644 --- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql +++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql @@ -1,13 +1,14 @@ import java -from string genBy, int severity, string tag, string msg, Location l +from string genBy, int severity, string tag, string msg, string msg2, Location l where diagnostics(_, genBy, severity, tag, msg, _, l) and ( // Different installations get different sets of these messages, // so we filter out all but one that happens everywhere. - msg.matches("Not rewriting trap file for: %") + msg.matches("Not rewriting trap file for %") implies - msg.matches("Not rewriting trap file for: Boolean %") - ) -select genBy, severity, tag, msg, l + msg.matches("Not rewriting trap file for %Boolean.members%") + ) and + msg2 = msg.regexpReplaceAll("#-?[0-9]+\\.-?[0-9]+--?[0-9]+-", "--") +select genBy, severity, tag, msg2, l diff --git a/java/ql/integration-tests/posix-only/kotlin/gradle_kotlinx_serialization/PrintAst.expected b/java/ql/integration-tests/posix-only/kotlin/gradle_kotlinx_serialization/PrintAst.expected index d55c54eea83..68363f41329 100644 --- a/java/ql/integration-tests/posix-only/kotlin/gradle_kotlinx_serialization/PrintAst.expected +++ b/java/ql/integration-tests/posix-only/kotlin/gradle_kotlinx_serialization/PrintAst.expected @@ -17,9 +17,9 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [WhenBranch] ... -> ... # 7| 0: [ValueNEExpr] ... (value not-equals) ... # 7| 0: [IntegerLiteral] 3 -# 7| 1: [MethodAccess] and(...) -# 7| -1: [IntegerLiteral] 3 -# 7| 0: [VarAccess] seen1 +# 7| 1: [AndBitwiseExpr] ... & ... +# 7| 0: [IntegerLiteral] 3 +# 7| 1: [VarAccess] seen1 # 7| 1: [ExprStmt] ; # 7| 0: [MethodAccess] throwMissingFieldException(...) # 7| -1: [TypeAccess] PluginExceptionsKt @@ -65,7 +65,48 @@ app/src/main/kotlin/testProject/App.kt: # 0| -3: [TypeAccess] Project # 0| 0: [VarAccess] name # 0| 1: [VarAccess] language -# 0| 5: [Method] equals +# 0| 5: [Method] copy$default +# 0| 3: [TypeAccess] Project +#-----| 4: (Parameters) +# 0| 0: [Parameter] p0 +# 0| 0: [TypeAccess] Project +# 0| 1: [Parameter] p1 +# 0| 0: [TypeAccess] String +# 0| 2: [Parameter] p2 +# 0| 0: [TypeAccess] int +# 0| 3: [Parameter] p3 +# 0| 0: [TypeAccess] int +# 0| 4: [Parameter] p4 +# 0| 0: [TypeAccess] Object +# 0| 5: [BlockStmt] { ... } +# 0| 0: [IfStmt] if (...) +# 0| 0: [EQExpr] ... == ... +# 0| 0: [AndBitwiseExpr] ... & ... +# 0| 0: [IntegerLiteral] 1 +# 0| 1: [VarAccess] p3 +# 0| 1: [IntegerLiteral] 0 +# 0| 1: [ExprStmt] ; +# 0| 0: [AssignExpr] ...=... +# 0| 0: [VarAccess] p1 +# 0| 1: [VarAccess] p0.name +# 0| -1: [VarAccess] p0 +# 0| 1: [IfStmt] if (...) +# 0| 0: [EQExpr] ... == ... +# 0| 0: [AndBitwiseExpr] ... & ... +# 0| 0: [IntegerLiteral] 2 +# 0| 1: [VarAccess] p3 +# 0| 1: [IntegerLiteral] 0 +# 0| 1: [ExprStmt] ; +# 0| 0: [AssignExpr] ...=... +# 0| 0: [VarAccess] p2 +# 0| 1: [VarAccess] p0.language +# 0| -1: [VarAccess] p0 +# 0| 2: [ReturnStmt] return ... +# 0| 0: [MethodAccess] copy(...) +# 0| -1: [VarAccess] p0 +# 0| 0: [VarAccess] p1 +# 0| 1: [VarAccess] p2 +# 0| 6: [Method] equals # 0| 3: [TypeAccess] boolean #-----| 4: (Parameters) # 0| 0: [Parameter] other @@ -114,7 +155,7 @@ app/src/main/kotlin/testProject/App.kt: # 0| 0: [BooleanLiteral] false # 0| 5: [ReturnStmt] return ... # 0| 0: [BooleanLiteral] true -# 0| 6: [Method] hashCode +# 0| 7: [Method] hashCode # 0| 3: [TypeAccess] int # 0| 5: [BlockStmt] { ... } # 0| 0: [LocalVariableDeclStmt] var ...; @@ -125,16 +166,16 @@ app/src/main/kotlin/testProject/App.kt: # 0| 1: [ExprStmt] ; # 0| 0: [AssignExpr] ...=... # 0| 0: [VarAccess] result -# 0| 1: [MethodAccess] plus(...) -# 0| -1: [MethodAccess] times(...) -# 0| -1: [VarAccess] result -# 0| 0: [IntegerLiteral] 31 -# 0| 0: [MethodAccess] hashCode(...) +# 0| 1: [AddExpr] ... + ... +# 0| 0: [MulExpr] ... * ... +# 0| 0: [VarAccess] result +# 0| 1: [IntegerLiteral] 31 +# 0| 1: [MethodAccess] hashCode(...) # 0| -1: [VarAccess] this.language # 0| -1: [ThisAccess] this # 0| 2: [ReturnStmt] return ... # 0| 0: [VarAccess] result -# 0| 7: [Method] toString +# 0| 8: [Method] toString # 0| 3: [TypeAccess] String # 0| 5: [BlockStmt] { ... } # 0| 0: [ReturnStmt] return ... @@ -148,7 +189,7 @@ app/src/main/kotlin/testProject/App.kt: # 0| 5: [VarAccess] this.language # 0| -1: [ThisAccess] this # 0| 6: [StringLiteral] ) -# 0| 8: [Method] write$Self +# 0| 9: [Method] write$Self # 0| 3: [TypeAccess] Unit #-----| 4: (Parameters) # 0| 0: [Parameter] self @@ -172,7 +213,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 1: [IntegerLiteral] 1 # 7| 2: [MethodAccess] getLanguage(...) # 7| -1: [VarAccess] self -# 7| 9: [Class] $serializer +# 7| 10: [Class] $serializer # 0| 1: [FieldDeclaration] SerialDescriptor descriptor; # 0| -1: [TypeAccess] SerialDescriptor # 0| 2: [Method] childSerializers @@ -232,9 +273,9 @@ app/src/main/kotlin/testProject/App.kt: # 7| 1: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp3_bitMask0 -# 7| 1: [MethodAccess] or(...) -# 7| -1: [VarAccess] tmp3_bitMask0 -# 7| 0: [IntegerLiteral] 1 +# 7| 1: [OrBitwiseExpr] ... | ... +# 7| 0: [VarAccess] tmp3_bitMask0 +# 7| 1: [IntegerLiteral] 1 # 7| 1: [BlockStmt] { ... } # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... @@ -246,9 +287,9 @@ app/src/main/kotlin/testProject/App.kt: # 7| 1: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp3_bitMask0 -# 7| 1: [MethodAccess] or(...) -# 7| -1: [VarAccess] tmp3_bitMask0 -# 7| 0: [IntegerLiteral] 2 +# 7| 1: [OrBitwiseExpr] ... | ... +# 7| 0: [VarAccess] tmp3_bitMask0 +# 7| 1: [IntegerLiteral] 2 # 7| 1: [WhenBranch] ... -> ... # 7| 0: [BooleanLiteral] true # 7| 1: [WhileStmt] while (...) @@ -285,9 +326,9 @@ app/src/main/kotlin/testProject/App.kt: # 7| 1: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp3_bitMask0 -# 7| 1: [MethodAccess] or(...) -# 7| -1: [VarAccess] tmp3_bitMask0 -# 7| 0: [IntegerLiteral] 1 +# 7| 1: [OrBitwiseExpr] ... | ... +# 7| 0: [VarAccess] tmp3_bitMask0 +# 7| 1: [IntegerLiteral] 1 # 7| 2: [WhenBranch] ... -> ... # 7| 0: [ValueEQExpr] ... (value equals) ... # 7| 0: [VarAccess] tmp2_index @@ -303,9 +344,9 @@ app/src/main/kotlin/testProject/App.kt: # 7| 1: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp3_bitMask0 -# 7| 1: [MethodAccess] or(...) -# 7| -1: [VarAccess] tmp3_bitMask0 -# 7| 0: [IntegerLiteral] 2 +# 7| 1: [OrBitwiseExpr] ... | ... +# 7| 0: [VarAccess] tmp3_bitMask0 +# 7| 1: [IntegerLiteral] 2 # 7| 3: [WhenBranch] ... -> ... # 7| 0: [BooleanLiteral] true # 7| 1: [ThrowStmt] throw ... @@ -384,7 +425,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| -1: [ThisAccess] $serializer.this # 7| 0: [TypeAccess] $serializer # 7| 1: [VarAccess] tmp0_serialDesc -# 7| 10: [Class] Companion +# 7| 11: [Class] Companion # 0| 1: [Method] serializer # 0| 3: [TypeAccess] KSerializer # 0| 0: [TypeAccess] Project @@ -395,7 +436,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 5: [BlockStmt] { ... } # 7| 0: [SuperConstructorInvocationStmt] super(...) # 7| 1: [BlockStmt] { ... } -# 8| 11: [Constructor] Project +# 8| 12: [Constructor] Project #-----| 4: (Parameters) # 8| 0: [Parameter] name # 8| 0: [TypeAccess] String @@ -410,21 +451,21 @@ app/src/main/kotlin/testProject/App.kt: # 8| 1: [ExprStmt] ; # 8| 0: [KtInitializerAssignExpr] ...=... # 8| 0: [VarAccess] language -# 8| 12: [FieldDeclaration] String name; +# 8| 13: [FieldDeclaration] String name; # 8| -1: [TypeAccess] String # 8| 0: [VarAccess] name -# 8| 13: [Method] getName +# 8| 14: [Method] getName # 8| 3: [TypeAccess] String # 8| 5: [BlockStmt] { ... } # 8| 0: [ReturnStmt] return ... # 8| 0: [VarAccess] this.name # 8| -1: [ThisAccess] this -# 8| 14: [Method] getLanguage +# 8| 15: [Method] getLanguage # 8| 3: [TypeAccess] int # 8| 5: [BlockStmt] { ... } # 8| 0: [ReturnStmt] return ... # 8| 0: [VarAccess] this.language # 8| -1: [ThisAccess] this -# 8| 15: [FieldDeclaration] int language; +# 8| 16: [FieldDeclaration] int language; # 8| -1: [TypeAccess] int # 8| 0: [VarAccess] language diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java new file mode 100644 index 00000000000..aa577f6526b --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java @@ -0,0 +1,6 @@ +package extlib; + +public class A { + protected void m() {} +} + diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected new file mode 100644 index 00000000000..459a8d9209d --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected @@ -0,0 +1,2 @@ +| extlib.jar/extlib/A.class:0:0:0:0 | m | protected | +| test.kt:4:12:4:22 | m | override, protected | diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt new file mode 100644 index 00000000000..49f233036b4 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt @@ -0,0 +1,6 @@ +import extlib.A; + +class B : A() { + override fun m() { } +} + diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py new file mode 100644 index 00000000000..31c641d7013 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py @@ -0,0 +1,10 @@ +from create_database_utils import * +import glob + +# Compile Java untraced. Note the Java source is hidden under `javasrc` so the Kotlin compiler +# will certainly reference the jar, not the source or class file for extlib.Lib + +os.mkdir('build') +runSuccessfully(["javac"] + glob.glob("libsrc/extlib/*.java") + ["-d", "build"]) +runSuccessfully(["jar", "cf", "extlib.jar", "-C", "build", "extlib"]) +run_codeql_database_create(["kotlinc test.kt -cp extlib.jar"], lang="java") diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql new file mode 100644 index 00000000000..3c4cf8ac898 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql @@ -0,0 +1,6 @@ +import java + +query predicate mods(Method m, string modifiers) { + m.getName() = "m" and + modifiers = concat(string s | m.hasModifier(s) | s, ", ") +} diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 0f9512eabda..2724a6d3cef 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.1 + +### Minor Analysis Improvements + +* Added external flow sources for the intents received in exported Android services. + ## 0.4.0 ### Breaking Changes diff --git a/java/ql/lib/change-notes/2022-09-20-CompilationUnit-getATypeInScope.md b/java/ql/lib/change-notes/2022-09-20-CompilationUnit-getATypeInScope.md deleted file mode 100644 index dfb7e939060..00000000000 --- a/java/ql/lib/change-notes/2022-09-20-CompilationUnit-getATypeInScope.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added the predicate `CompilationUnit.getATypeInScope()`. diff --git a/java/ql/lib/change-notes/2022-09-22-android-deeplink-flow-steps.md b/java/ql/lib/change-notes/2022-09-22-android-deeplink-flow-steps.md new file mode 100644 index 00000000000..1ed229b1e05 --- /dev/null +++ b/java/ql/lib/change-notes/2022-09-22-android-deeplink-flow-steps.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Added data flow steps for tainted Android intents that are sent to services and receivers. +* Improved the data flow step for tainted Android intents that are sent to activities so that more cases are covered. diff --git a/java/ql/lib/change-notes/2022-09-22-android-deprecate-contextstartactivitymethod.md b/java/ql/lib/change-notes/2022-09-22-android-deprecate-contextstartactivitymethod.md new file mode 100644 index 00000000000..3500322afad --- /dev/null +++ b/java/ql/lib/change-notes/2022-09-22-android-deprecate-contextstartactivitymethod.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* Deprecated `ContextStartActivityMethod`. Use `StartActivityMethod` instead. diff --git a/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md b/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md new file mode 100644 index 00000000000..db4da90e5e9 --- /dev/null +++ b/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Added a new predicate, `hasIncompletePermissions`, in the `AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions. diff --git a/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md b/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md new file mode 100644 index 00000000000..38ce11b96b1 --- /dev/null +++ b/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The class `TypeVariable` now also extends `Modifiable`. diff --git a/java/ql/lib/change-notes/2022-10-13-stream-collect.md b/java/ql/lib/change-notes/2022-10-13-stream-collect.md new file mode 100644 index 00000000000..bd7f6c3e8d4 --- /dev/null +++ b/java/ql/lib/change-notes/2022-10-13-stream-collect.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for common patterns involving `Stream.collect` and common collectors like `Collectors.toList()`. diff --git a/java/ql/lib/change-notes/2022-09-23-android-service-sources.md b/java/ql/lib/change-notes/released/0.4.1.md similarity index 66% rename from java/ql/lib/change-notes/2022-09-23-android-service-sources.md rename to java/ql/lib/change-notes/released/0.4.1.md index 812ff07422d..866a6cf524b 100644 --- a/java/ql/lib/change-notes/2022-09-23-android-service-sources.md +++ b/java/ql/lib/change-notes/released/0.4.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.4.1 + +### Minor Analysis Improvements + * Added external flow sources for the intents received in exported Android services. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/java/ql/lib/config/semmlecode.dbscheme b/java/ql/lib/config/semmlecode.dbscheme index ecb42310286..709f1d1fd04 100644 --- a/java/ql/lib/config/semmlecode.dbscheme +++ b/java/ql/lib/config/semmlecode.dbscheme @@ -1033,7 +1033,7 @@ javadocText( @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | @kt_property; -@modifiable = @member_modifiable| @param | @localvar ; +@modifiable = @member_modifiable| @param | @localvar | @typevariable; @member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index df1ad196123..fc774265862 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.4.1-dev +version: 0.4.2-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/CompilationUnit.qll b/java/ql/lib/semmle/code/java/CompilationUnit.qll index 74396e7086b..9b4b58e9a9b 100644 --- a/java/ql/lib/semmle/code/java/CompilationUnit.qll +++ b/java/ql/lib/semmle/code/java/CompilationUnit.qll @@ -31,38 +31,5 @@ class CompilationUnit extends Element, File { */ Module getModule() { cumodule(this, result) } - /** - * Gets a type which is available in the top-level scope of this compilation unit. - * This can be a type: - * - declared in this compilation unit as top-level type - * - imported with an `import` declaration - * - declared in the same package as this compilation unit - * - declared in the package `java.lang` - * - * This predicate not consider "shadowing", it can have types as result whose simple name is - * shadowed by another type in scope. - */ - ClassOrInterface getATypeInScope() { - // See "Shadowing", https://docs.oracle.com/javase/specs/jls/se17/html/jls-6.html#jls-6.4.1 - // Currently shadowing is not considered - result.(TopLevelType).getCompilationUnit() = this - or - exists(Import importDecl | importDecl.getCompilationUnit() = this | - result = - [ - importDecl.(ImportStaticTypeMember).getATypeImport(), - importDecl.(ImportType).getImportedType(), - importDecl.(ImportStaticOnDemand).getATypeImport(), - importDecl.(ImportOnDemandFromType).getAnImport(), - importDecl.(ImportOnDemandFromPackage).getAnImport(), - ] - ) - or - // From same package or java.lang, see https://docs.oracle.com/javase/specs/jls/se17/html/jls-7.html - result.(TopLevelType).getPackage() = this.getPackage() - or - result.(TopLevelType).getPackage().hasName("java.lang") - } - override string getAPrimaryQlClass() { result = "CompilationUnit" } } diff --git a/java/ql/lib/semmle/code/java/Element.qll b/java/ql/lib/semmle/code/java/Element.qll index 96c8a8c5c21..0120cdc158f 100644 --- a/java/ql/lib/semmle/code/java/Element.qll +++ b/java/ql/lib/semmle/code/java/Element.qll @@ -63,6 +63,10 @@ class Element extends @element, Top { i = 7 and result = "Setter for a Kotlin delegated property" or i = 8 and result = "Proxy static method for a @JvmStatic-annotated function or property" + or + i = 9 and result = "Forwarder for a @JvmOverloads-annotated function" + or + i = 10 and result = "Forwarder for Kotlin calls that need default arguments filling in" ) } } diff --git a/java/ql/lib/semmle/code/java/GeneratedFiles.qll b/java/ql/lib/semmle/code/java/GeneratedFiles.qll index a7d1ae628f0..79197653848 100644 --- a/java/ql/lib/semmle/code/java/GeneratedFiles.qll +++ b/java/ql/lib/semmle/code/java/GeneratedFiles.qll @@ -51,9 +51,9 @@ library class MarkerCommentGeneratedFile extends GeneratedFile { /** * A marker comment that indicates that it is in a generated file. */ -private class GeneratedFileMarker extends Top instanceof JavadocElement { +private class GeneratedFileMarker extends Top { GeneratedFileMarker() { - exists(string msg | msg = this.getText() | + exists(string msg | msg = this.(JavadocElement).getText() or msg = this.(KtComment).getText() | msg.regexpMatch("(?i).*\\bGenerated By\\b.*\\bDo not edit\\b.*") or msg.regexpMatch("(?i).*\\bThis (file|class|interface|art[ei]fact) (was|is|(has been)) (?:auto[ -]?)?gener(e?)ated.*") or msg.regexpMatch("(?i).*\\bAny modifications to this file will be lost\\b.*") or diff --git a/java/ql/lib/semmle/code/java/Generics.qll b/java/ql/lib/semmle/code/java/Generics.qll index 95471437988..54cab14fe40 100644 --- a/java/ql/lib/semmle/code/java/Generics.qll +++ b/java/ql/lib/semmle/code/java/Generics.qll @@ -137,7 +137,7 @@ abstract class BoundedType extends RefType, @boundedtype { * For example, `T` is a type parameter in * `class X { }` and in ` void m() { }`. */ -class TypeVariable extends BoundedType, @typevariable { +class TypeVariable extends BoundedType, Modifiable, @typevariable { /** Gets the generic type that is parameterized by this type parameter, if any. */ GenericType getGenericType() { typeVars(this, _, _, _, result) } diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll index 456e6e8b12a..9aa1f8d31c0 100644 --- a/java/ql/lib/semmle/code/java/Member.qll +++ b/java/ql/lib/semmle/code/java/Member.qll @@ -294,6 +294,48 @@ class Callable extends StmtParent, Member, @callable { constrs(this, _, result, _, _, _) or methods(this, _, result, _, _, _) } + + /** + * Gets this callable's Kotlin proxy that supplies default parameter values, if one exists. + * + * For example, for the Kotlin declaration `fun f(x: Int, y: Int = 0, z: String = "1")`, + * this will get the synthetic proxy method that fills in the default values for `y` and `z` + * if not supplied, and to which the Kotlin extractor dispatches calls to `f` that are missing + * one or more parameter value. Similarly, constructors with one or more default parameter values + * have a corresponding constructor that fills in default values. + */ + Callable getKotlinParameterDefaultsProxy() { + this.getDeclaringType() = result.getDeclaringType() and + exists(int proxyNParams, int extraLeadingParams, RefType lastParamType | + proxyNParams = result.getNumberOfParameters() and + extraLeadingParams = (proxyNParams - this.getNumberOfParameters()) - 2 and + extraLeadingParams >= 0 and + result.getParameterType(proxyNParams - 1) = lastParamType and + result.getParameterType(proxyNParams - 2).(PrimitiveType).hasName("int") and + ( + this instanceof Constructor and + result instanceof Constructor and + extraLeadingParams = 0 and + lastParamType.hasQualifiedName("kotlin.jvm.internal", "DefaultConstructorMarker") + or + this instanceof Method and + result instanceof Method and + this.getName() + "$default" = result.getName() and + extraLeadingParams <= 2 and + lastParamType instanceof TypeObject + ) + | + forall(int paramIdx | paramIdx in [extraLeadingParams .. proxyNParams - 3] | + this.getParameterType(paramIdx - extraLeadingParams).getErasure() = + eraseRaw(result.getParameterType(paramIdx)) + ) + ) + } +} + +/** Gets the erasure of `t1` if it is a raw type, or `t1` itself otherwise. */ +private Type eraseRaw(Type t1) { + if t1 instanceof RawType then result = t1.getErasure() else result = t1 } /** Holds if method `m1` overrides method `m2`. */ diff --git a/java/ql/lib/semmle/code/java/Modifier.qll b/java/ql/lib/semmle/code/java/Modifier.qll index 3f69550d44b..150b65be671 100644 --- a/java/ql/lib/semmle/code/java/Modifier.qll +++ b/java/ql/lib/semmle/code/java/Modifier.qll @@ -67,6 +67,12 @@ abstract class Modifiable extends Element { /** Holds if this element has an `inline` modifier. */ predicate isInline() { this.hasModifier("inline") } + /** Holds if this element has a `noinline` modifier. */ + predicate isNoinline() { this.hasModifier("noinline") } + + /** Holds if this element has a `crossinline` modifier. */ + predicate isCrossinline() { this.hasModifier("crossinline") } + /** Holds if this element has a `suspend` modifier. */ predicate isSuspend() { this.hasModifier("suspend") } @@ -87,4 +93,16 @@ abstract class Modifiable extends Element { /** Holds if this element has a `strictfp` modifier. */ predicate isStrictfp() { this.hasModifier("strictfp") } + + /** Holds if this element has a `lateinit` modifier. */ + predicate isLateinit() { this.hasModifier("lateinit") } + + /** Holds if this element has a `reified` modifier. */ + predicate isReified() { this.hasModifier("reified") } + + /** Holds if this element has an `in` modifier. */ + predicate isIn() { this.hasModifier("in") } + + /** Holds if this element has an `out` modifier. */ + predicate isOut() { this.hasModifier("out") } } diff --git a/java/ql/lib/semmle/code/java/PrintAst.qll b/java/ql/lib/semmle/code/java/PrintAst.qll index b2937d67940..4fe7e3f1ec5 100644 --- a/java/ql/lib/semmle/code/java/PrintAst.qll +++ b/java/ql/lib/semmle/code/java/PrintAst.qll @@ -534,12 +534,17 @@ final class ClassInterfaceNode extends ElementNode { or childIndex >= 0 and result.(ElementNode).getElement() = - rank[childIndex](Element e, string file, int line, int column, string childStr | + rank[childIndex](Element e, string file, int line, int column, string childStr, int argCount | e = this.getADeclaration() and locationSortKeys(e, file, line, column) and - childStr = e.toString() + childStr = e.toString() and + ( + if e instanceof Callable + then argCount = e.(Callable).getNumberOfParameters() + else argCount = 0 + ) | - e order by file, line, column, childStr + e order by file, line, column, childStr, argCount ) } } diff --git a/java/ql/lib/semmle/code/java/Type.qll b/java/ql/lib/semmle/code/java/Type.qll index b3fb3ce8e88..9a5852d641a 100644 --- a/java/ql/lib/semmle/code/java/Type.qll +++ b/java/ql/lib/semmle/code/java/Type.qll @@ -686,7 +686,7 @@ class SrcRefType extends RefType { /** A class declaration. */ class Class extends ClassOrInterface, @class { /** Holds if this class is an anonymous class. */ - predicate isAnonymous() { isAnonymClass(this, _) } + predicate isAnonymous() { isAnonymClass(this.getSourceDeclaration(), _) } override RefType getSourceDeclaration() { classes(this, _, _, result) } @@ -800,10 +800,13 @@ class AnonymousClass extends NestedClass { } /** Gets the class instance expression where this anonymous class occurs. */ - ClassInstanceExpr getClassInstanceExpr() { isAnonymClass(this, result) } + ClassInstanceExpr getClassInstanceExpr() { isAnonymClass(this.getSourceDeclaration(), result) } override string toString() { - result = "new " + this.getClassInstanceExpr().getTypeName() + "(...) { ... }" + // Include super.toString, i.e. the name given in the database, because for Kotlin anonymous + // classes we can get specialisations of anonymous generic types, and this will supply the + // trailing type arguments. + result = "new " + this.getClassInstanceExpr().getTypeName() + "(...) { ... }" + super.toString() } /** diff --git a/java/ql/lib/semmle/code/java/controlflow/Guards.qll b/java/ql/lib/semmle/code/java/controlflow/Guards.qll index 321af254c35..7152c65191c 100644 --- a/java/ql/lib/semmle/code/java/controlflow/Guards.qll +++ b/java/ql/lib/semmle/code/java/controlflow/Guards.qll @@ -232,6 +232,7 @@ predicate guardControls_v2(Guard guard, BasicBlock controlled, boolean branch) { ) } +pragma[nomagic] private predicate guardControls_v3(Guard guard, BasicBlock controlled, boolean branch) { guard.directlyControls(controlled, branch) or diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 5dada4f8532..8460c662d5c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -75,7 +75,7 @@ import java private import semmle.code.java.dataflow.DataFlow::DataFlow private import internal.DataFlowPrivate private import internal.FlowSummaryImpl::Private::External -private import internal.FlowSummaryImplSpecific +private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific private import internal.AccessPathSyntax private import FlowSummary @@ -361,19 +361,7 @@ private class SummaryModelCsvBase extends SummaryModelCsv { "java.net;URI;false;toURL;;;Argument[-1];ReturnValue;taint;manual", "java.net;URI;false;toString;;;Argument[-1];ReturnValue;taint;manual", "java.net;URI;false;toAsciiString;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual", "java.nio;ByteBuffer;false;array;();;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual", - "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual", "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual", "java.io;Reader;true;read;();;Argument[-1];ReturnValue;taint;manual", // arg to return @@ -400,8 +388,6 @@ private class SummaryModelCsvBase extends SummaryModelCsv { // arg to arg "java.lang;System;false;arraycopy;;;Argument[0];Argument[2];taint;manual", // constructor flow - "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual", - "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual", "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint;manual", "java.net;URL;false;URL;(String);;Argument[0];Argument[-1];taint;manual", "javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint;manual", @@ -848,7 +834,7 @@ private module Cached { */ cached predicate sourceNode(Node node, string kind) { - exists(InterpretNode n | isSourceNode(n, kind) and n.asNode() = node) + exists(FlowSummaryImplSpecific::InterpretNode n | isSourceNode(n, kind) and n.asNode() = node) } /** @@ -857,7 +843,7 @@ private module Cached { */ cached predicate sinkNode(Node node, string kind) { - exists(InterpretNode n | isSinkNode(n, kind) and n.asNode() = node) + exists(FlowSummaryImplSpecific::InterpretNode n | isSinkNode(n, kind) and n.asNode() = node) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 1792c2e9f11..ed9b0de165d 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -4,7 +4,6 @@ import java private import internal.FlowSummaryImpl as Impl -private import internal.DataFlowDispatch private import internal.DataFlowUtil // import all instances of SummarizedCallable below @@ -24,6 +23,12 @@ module SummaryComponent { /** Gets a summary component for field `f`. */ SummaryComponent field(Field f) { result = content(any(FieldContent c | c.getField() = f)) } + /** Gets a summary component for `Element`. */ + SummaryComponent element() { result = content(any(CollectionContent c)) } + + /** Gets a summary component for `MapValue`. */ + SummaryComponent mapValue() { result = content(any(MapValueContent c)) } + /** Gets a summary component that represents the return value of a call. */ SummaryComponent return() { result = return(_) } } @@ -42,10 +47,129 @@ module SummaryComponentStack { result = push(SummaryComponent::field(f), object) } + /** Gets a stack representing `Element` of `object`. */ + SummaryComponentStack elementOf(SummaryComponentStack object) { + result = push(SummaryComponent::element(), object) + } + + /** Gets a stack representing `MapValue` of `object`. */ + SummaryComponentStack mapValueOf(SummaryComponentStack object) { + result = push(SummaryComponent::mapValue(), object) + } + /** Gets a singleton stack representing a (normal) return. */ SummaryComponentStack return() { result = singleton(SummaryComponent::return()) } } +/** A synthetic callable with a set of concrete call sites and a flow summary. */ +abstract class SyntheticCallable extends string { + bindingset[this] + SyntheticCallable() { any() } + + /** Gets a call that targets this callable. */ + abstract Call getACall(); + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * See `SummarizedCallable::propagatesFlow` for details. + */ + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + none() + } + + /** + * Gets the type of the parameter at the specified position with -1 indicating + * the instance parameter. If no types are provided then the types default to + * `Object`. + */ + Type getParameterType(int pos) { none() } + + /** + * Gets the return type of this callable. If no type is provided then the type + * defaults to `Object`. + */ + Type getReturnType() { none() } +} + +private newtype TSummarizedCallableBase = + TSimpleCallable(Callable c) { c.isSourceDeclaration() } or + TSyntheticCallable(SyntheticCallable c) + +/** + * A callable that may have a flow summary. This is either a regular `Callable` + * or a `SyntheticCallable`. + */ +class SummarizedCallableBase extends TSummarizedCallableBase { + /** Gets a textual representation of this callable. */ + string toString() { result = this.asCallable().toString() or result = this.asSyntheticCallable() } + + /** Gets the source location for this callable. */ + Location getLocation() { + result = this.asCallable().getLocation() + or + result.hasLocationInfo("", 0, 0, 0, 0) and + this instanceof TSyntheticCallable + } + + /** Gets this callable cast as a `Callable`. */ + Callable asCallable() { this = TSimpleCallable(result) } + + /** Gets this callable cast as a `SyntheticCallable`. */ + SyntheticCallable asSyntheticCallable() { this = TSyntheticCallable(result) } + + /** Gets a call that targets this callable. */ + Call getACall() { + result.getCallee().getSourceDeclaration() = this.asCallable() + or + result = this.asSyntheticCallable().getACall() + } + + /** + * Gets the type of the parameter at the specified position with -1 indicating + * the instance parameter. + */ + Type getParameterType(int pos) { + result = this.asCallable().getParameterType(pos) + or + pos = -1 and result = this.asCallable().getDeclaringType() + or + result = this.asSyntheticCallable().getParameterType(pos) + or + exists(SyntheticCallable sc | sc = this.asSyntheticCallable() | + Impl::Private::summaryParameterNodeRange(this, pos) and + not exists(sc.getParameterType(pos)) and + result instanceof TypeObject + ) + } + + /** Gets the return type of this callable. */ + Type getReturnType() { + result = this.asCallable().getReturnType() + or + exists(SyntheticCallable sc | sc = this.asSyntheticCallable() | + result = sc.getReturnType() + or + not exists(sc.getReturnType()) and + result instanceof TypeObject + ) + } +} + class SummarizedCallable = Impl::Public::SummarizedCallable; +/** + * An adapter class to add the flow summaries specified on `SyntheticCallable` + * to `SummarizedCallable`. + */ +private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable { + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + this.asSyntheticCallable().propagatesFlow(input, output, preservesValue) + } +} + class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack; diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll index a57d1ca32be..22e79a2240d 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll @@ -9,9 +9,7 @@ private import semmle.code.java.dispatch.internal.Unification private module DispatchImpl { private predicate hasHighConfidenceTarget(Call c) { - exists(SummarizedCallable sc | - sc = c.getCallee().getSourceDeclaration() and not sc.isAutoGenerated() - ) + exists(SummarizedCallable sc | sc.getACall() = c and not sc.isAutoGenerated()) or exists(Callable srcTgt | srcTgt = VirtualDispatch::viableCallable(c) and @@ -30,7 +28,7 @@ private module DispatchImpl { DataFlowCallable viableCallable(DataFlowCall c) { result.asCallable() = sourceDispatch(c.asCall()) or - result.asSummarizedCallable() = c.asCall().getCallee().getSourceDeclaration() + result.asSummarizedCallable().getACall() = c.asCall() } /** @@ -144,7 +142,7 @@ private module DispatchImpl { not Unification::failsUnification(t, t2) ) or - result.asSummarizedCallable() = def + result.asSummarizedCallable().getACall() = ma ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll index 67e93ea7f6f..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll @@ -163,7 +163,9 @@ abstract class Configuration extends string { /** * Holds if data may flow from some source to `sink` for this configuration. */ - predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) } + predicate hasFlowTo(Node sink) { + sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode() + } /** * Holds if data may flow from some source to `sink` for this configuration. @@ -836,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -858,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -905,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -997,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1258,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1482,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1660,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1673,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1698,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1740,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -2925,12 +2929,17 @@ abstract private class PathNodeImpl extends PathNode { result = this.getASuccessorImpl() } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getASuccessorIfHidden*() and - not this.isHidden() and + pragma[nomagic] + private PathNodeImpl getANonHiddenSuccessor0() { + result = this.getASuccessorIfHidden*() and not result.isHidden() } + final PathNodeImpl getANonHiddenSuccessor() { + result = this.getASuccessorImpl().getANonHiddenSuccessor0() and + not this.isHidden() + } + abstract NodeEx getNodeEx(); predicate isHidden() { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index e4fc3a01aa5..5c16102b066 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -463,11 +463,7 @@ module Private { c.asSummarizedCallable() = sc and pos = pos_ } - Type getTypeImpl() { - result = sc.getParameter(pos_).getType() - or - pos_ = -1 and result = sc.getDeclaringType() - } + Type getTypeImpl() { result = sc.getParameterType(pos_) } } } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll index d3a833d2438..6888899079c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll @@ -83,6 +83,8 @@ predicate jumpStep(Node node1, Node node2) { or any(AdditionalValueStep a).step(node1, node2) and node1.getEnclosingCallable() != node2.getEnclosingCallable() + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(node1, node2) } /** @@ -241,12 +243,6 @@ class DataFlowCallable extends TDataFlowCallable { Field asFieldScope() { this = TFieldScope(result) } - RefType getDeclaringType() { - result = this.asCallable().getDeclaringType() or - result = this.asSummarizedCallable().getDeclaringType() or - result = this.asFieldScope().getDeclaringType() - } - string toString() { result = this.asCallable().toString() or result = "Synthetic: " + this.asSummarizedCallable().toString() or diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index d857cdaa359..275569b4c02 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -750,6 +787,27 @@ module Private { ) } + /** + * Holds if `p` can reach `n` in a summarized callable, using only value-preserving + * local steps. `clearsOrExpects` records whether any node on the path from `p` to + * `n` either clears or expects contents. + */ + private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExpects) { + viableParam(_, _, _, p) and + n = p and + clearsOrExpects = false + or + exists(Node mid, boolean clearsOrExpectsMid | + paramReachesLocal(p, mid, clearsOrExpectsMid) and + summaryLocalStep(mid, n, true) and + if + summaryClearsContent(n, _) or + summaryExpectsContent(n, _) + then clearsOrExpects = true + else clearsOrExpects = clearsOrExpectsMid + ) + } + /** * Holds if use-use flow starting from `arg` should be prohibited. * @@ -759,15 +817,11 @@ module Private { */ pragma[nomagic] predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) { - exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret | + exists(ParamNode p, ParameterPosition ppos, Node ret | + paramReachesLocal(p, ret, true) and p = summaryArgParam0(_, arg, sc) and p.isParameterOf(_, pragma[only_bind_into](ppos)) and - summaryLocalStep(p, mid, true) and - summaryLocalStep(mid, ret, true) and isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos)) - | - summaryClearsContent(mid, _) or - summaryExpectsContent(mid, _) ) } @@ -854,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -877,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll index 1dfca1e6c4c..87cb0dace0e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll @@ -9,12 +9,9 @@ private import DataFlowUtil private import FlowSummaryImpl::Private private import FlowSummaryImpl::Public private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSummary as FlowSummary -private module FlowSummaries { - private import semmle.code.java.dataflow.FlowSummary as F -} - -class SummarizedCallableBase = Callable; +class SummarizedCallableBase = FlowSummary::SummarizedCallableBase; DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() = c } @@ -55,6 +52,12 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { exists(rk) } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { + exists(sg) and + result instanceof TypeObject +} + bindingset[provenance] private boolean isGenerated(string provenance) { provenance = "generated" and result = true @@ -67,14 +70,16 @@ private boolean isGenerated(string provenance) { * `input`, output specification `output`, kind `kind`, and a flag `generated` * stating whether the summary is autogenerated. */ -predicate summaryElement(Callable c, string input, string output, string kind, boolean generated) { +predicate summaryElement( + SummarizedCallableBase c, string input, string output, string kind, boolean generated +) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, string provenance | summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and generated = isGenerated(provenance) and - c = interpretElement(namespace, type, subtypes, name, signature, ext) + c.asCallable() = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -82,11 +87,11 @@ predicate summaryElement(Callable c, string input, string output, string kind, b * Holds if a negative flow summary exists for `c`, which means that there is no * flow through `c`. The flag `generated` states whether the summary is autogenerated. */ -predicate negativeSummaryElement(Callable c, boolean generated) { +predicate negativeSummaryElement(SummarizedCallableBase c, boolean generated) { exists(string namespace, string type, string name, string signature, string provenance | negativeSummaryModel(namespace, type, name, signature, provenance) and generated = isGenerated(provenance) and - c = interpretElement(namespace, type, false, name, signature, "") + c.asCallable() = interpretElement(namespace, type, false, name, signature, "") ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index d52b340e67a..a0acc69cbff 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -33,6 +33,57 @@ predicate localExprTaint(Expr src, Expr sink) { localTaint(DataFlow::exprNode(src), DataFlow::exprNode(sink)) } +/** Holds if `node` is an endpoint for local taint flow. */ +signature predicate nodeSig(DataFlow::Node node); + +/** Provides local taint flow restricted to a given set of sources and sinks. */ +module LocalTaintFlow { + private predicate reachRev(DataFlow::Node n) { + sink(n) + or + exists(DataFlow::Node mid | + localTaintStep(n, mid) and + reachRev(mid) + ) + } + + private predicate reachFwd(DataFlow::Node n) { + reachRev(n) and + ( + source(n) + or + exists(DataFlow::Node mid | + localTaintStep(mid, n) and + reachFwd(mid) + ) + ) + } + + private predicate step(DataFlow::Node n1, DataFlow::Node n2) { + localTaintStep(n1, n2) and + reachFwd(n1) and + reachFwd(n2) + } + + /** + * Holds if taint can flow from `n1` to `n2` in zero or more local + * (intra-procedural) steps that are restricted to be part of a path between + * `source` and `sink`. + */ + pragma[inline] + predicate hasFlow(DataFlow::Node n1, DataFlow::Node n2) { step*(n1, n2) } + + /** + * Holds if taint can flow from `n1` to `n2` in zero or more local + * (intra-procedural) steps that are restricted to be part of a path between + * `source` and `sink`. + */ + pragma[inline] + predicate hasExprFlow(Expr n1, Expr n2) { + hasFlow(DataFlow::exprNode(n1), DataFlow::exprNode(n2)) + } +} + cached private module Cached { private import DataFlowImplCommon as DataFlowImplCommon diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll index 8dbb9bb530e..edeb9e9dccf 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll @@ -304,6 +304,15 @@ class RootdefCallable extends Callable { this.getAnAnnotation() instanceof OverrideAnnotation or this.hasModifier("override") + or + // Exclude generated callables, such as `...$default` ones extracted from Kotlin code. + this.isCompilerGenerated() + or + // Exclude Kotlin serialization constructors. + this.(Constructor) + .getParameterType(this.getNumberOfParameters() - 1) + .(RefType) + .hasQualifiedName("kotlinx.serialization.internal", "SerializationConstructorMarker") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Stream.qll b/java/ql/lib/semmle/code/java/frameworks/Stream.qll index 5f6dcf38f86..0c1347044c5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Stream.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Stream.qll @@ -1,6 +1,101 @@ /** Definitions related to `java.util.stream`. */ private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSummary + +private class CollectCall extends MethodAccess { + CollectCall() { + this.getMethod() + .getSourceDeclaration() + .hasQualifiedName("java.util.stream", "Stream", "collect") + } +} + +private class Collector extends MethodAccess { + Collector() { + this.getMethod().getDeclaringType().hasQualifiedName("java.util.stream", "Collectors") + } + + predicate hasName(string name) { this.getMethod().hasName(name) } +} + +private class CollectToContainer extends SyntheticCallable { + CollectToContainer() { this = "java.util.stream.collect()+Collectors.[toList,...]" } + + override Call getACall() { + result + .(CollectCall) + .getArgument(0) + .(Collector) + .hasName([ + "maxBy", "minBy", "toCollection", "toList", "toSet", "toUnmodifiableList", + "toUnmodifiableSet" + ]) + } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = SummaryComponentStack::elementOf(SummaryComponentStack::return()) and + preservesValue = true + } +} + +private class CollectToJoining extends SyntheticCallable { + CollectToJoining() { this = "java.util.stream.collect()+Collectors.joining" } + + override Call getACall() { result.(CollectCall).getArgument(0).(Collector).hasName("joining") } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = SummaryComponentStack::return() and + preservesValue = false + } + + override Type getReturnType() { result instanceof TypeString } +} + +private class CollectToGroupingBy extends SyntheticCallable { + CollectToGroupingBy() { + this = "java.util.stream.collect()+Collectors.[groupingBy(Function),...]" + } + + override Call getACall() { + exists(Method m | + m = result.(CollectCall).getArgument(0).(Collector).getMethod() and + m.hasName(["groupingBy", "groupingByConcurrent", "partitioningBy"]) and + m.getNumberOfParameters() = 1 + ) + } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = + SummaryComponentStack::elementOf(SummaryComponentStack::mapValueOf(SummaryComponentStack::return())) and + preservesValue = true + } +} + +private class RequiredComponentStackForCollect extends RequiredSummaryComponentStack { + override predicate required(SummaryComponent head, SummaryComponentStack tail) { + head = SummaryComponent::element() and + tail = SummaryComponentStack::qualifier() + or + head = SummaryComponent::element() and + tail = SummaryComponentStack::return() + or + head = SummaryComponent::element() and + tail = SummaryComponentStack::mapValueOf(SummaryComponentStack::return()) + or + head = SummaryComponent::mapValue() and + tail = SummaryComponentStack::return() + } +} private class StreamModel extends SummaryModelCsv { override predicate row(string s) { @@ -19,7 +114,7 @@ private class StreamModel extends SummaryModelCsv { "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];Argument[2].Parameter[0..1];value;manual", "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[2].Parameter[0..1];Argument[1].Parameter[0];value;manual", "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[-1].Element;Argument[1].Parameter[1];value;manual", - // Missing: collect(Collector collector) + // collect(Collector collector) is handled separately on a case-by-case basis as it is too complex for MaD "java.util.stream;Stream;true;concat;(Stream,Stream);;Argument[0..1].Element;ReturnValue.Element;value;manual", "java.util.stream;Stream;true;distinct;();;Argument[-1].Element;ReturnValue.Element;value;manual", "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll index ad260c9545c..be38b83e5a7 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll @@ -3,9 +3,7 @@ private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.FlowSteps -/** - * The class `android.content.Intent`. - */ +/** The class `android.content.Intent`. */ class TypeIntent extends Class { TypeIntent() { this.hasQualifiedName("android.content", "Intent") } } @@ -15,23 +13,17 @@ class TypeComponentName extends Class { TypeComponentName() { this.hasQualifiedName("android.content", "ComponentName") } } -/** - * The class `android.app.Activity`. - */ +/** The class `android.app.Activity`. */ class TypeActivity extends Class { TypeActivity() { this.hasQualifiedName("android.app", "Activity") } } -/** - * The class `android.app.Service`. - */ +/** The class `android.app.Service`. */ class TypeService extends Class { TypeService() { this.hasQualifiedName("android.app", "Service") } } -/** - * The class `android.content.Context`. - */ +/** The class `android.content.Context`. */ class TypeContext extends RefType { // Not inlining this makes it more likely to be used as a sentinel, // which is useful when running Android queries on non-Android projects. @@ -39,25 +31,19 @@ class TypeContext extends RefType { TypeContext() { this.hasQualifiedName("android.content", "Context") } } -/** - * The class `android.content.BroadcastReceiver`. - */ +/** The class `android.content.BroadcastReceiver`. */ class TypeBroadcastReceiver extends Class { TypeBroadcastReceiver() { this.hasQualifiedName("android.content", "BroadcastReceiver") } } -/** - * The method `Activity.getIntent` - */ +/** The method `Activity.getIntent` */ class AndroidGetIntentMethod extends Method { AndroidGetIntentMethod() { this.hasName("getIntent") and this.getDeclaringType() instanceof TypeActivity } } -/** - * The method `BroadcastReceiver.onReceive`. - */ +/** The method `BroadcastReceiver.onReceive`. */ class AndroidReceiveIntentMethod extends Method { AndroidReceiveIntentMethod() { this.hasName("onReceive") and this.getDeclaringType() instanceof TypeBroadcastReceiver @@ -77,8 +63,10 @@ class AndroidServiceIntentMethod extends Method { /** * The method `Context.startActivity` or `startActivities`. + * + * DEPRECATED: Use `StartActivityMethod` instead. */ -class ContextStartActivityMethod extends Method { +deprecated class ContextStartActivityMethod extends Method { ContextStartActivityMethod() { (this.hasName("startActivity") or this.hasName("startActivities")) and this.getDeclaringType() instanceof TypeContext @@ -86,16 +74,57 @@ class ContextStartActivityMethod extends Method { } /** - * Specifies that if an `Intent` is tainted, then so are its synthetic fields. + * The method `Context.startActivity`, `Context.startActivities`, + * `Activity.startActivity`,`Activity.startActivities`, + * `Activity.startActivityForResult`, `Activity.startActivityIfNeeded`, + * `Activity.startNextMatchingActivity`, `Activity.startActivityFromChild`, + * or `Activity.startActivityFromFragment`. */ +class StartActivityMethod extends Method { + StartActivityMethod() { + this.getName().matches("start%Activit%") and + ( + this.getDeclaringType() instanceof TypeContext or + this.getDeclaringType() instanceof TypeActivity + ) + } +} + +/** + * The method `Context.sendBroadcast`, `sendBroadcastAsUser`, + * `sendOrderedBroadcast`, `sendOrderedBroadcastAsUser`, + * `sendStickyBroadcast`, `sendStickyBroadcastAsUser`, + * `sendStickyOrderedBroadcast`, `sendStickyOrderedBroadcastAsUser`, + * or `sendBroadcastWithMultiplePermissions`. + */ +class SendBroadcastMethod extends Method { + SendBroadcastMethod() { + this.getName().matches("send%Broadcast%") and + this.getDeclaringType() instanceof TypeContext + } +} + +/** + * The method `Context.startService`, `startForegroundService`, + * `bindIsolatedService`, `bindService`, or `bindServiceAsUser`. + */ +class StartServiceMethod extends Method { + StartServiceMethod() { + this.hasName([ + "startService", "startForegroundService", "bindIsolatedService", "bindService", + "bindServiceAsUser" + ]) and + this.getDeclaringType() instanceof TypeContext + } +} + +/** Specifies that if an `Intent` is tainted, then so are its synthetic fields. */ private class IntentFieldsInheritTaint extends DataFlow::SyntheticFieldContent, TaintInheritingContent { IntentFieldsInheritTaint() { this.getField().matches("android.content.Intent.%") } } -/** - * The method `Intent.getParcelableExtra`. - */ +/** The method `Intent.getParcelableExtra`. */ class IntentGetParcelableExtraMethod extends Method { IntentGetParcelableExtraMethod() { this.hasName("getParcelableExtra") and @@ -157,9 +186,7 @@ private class BundleExtrasSyntheticField extends SyntheticField { override RefType getType() { result instanceof AndroidBundle } } -/** - * Holds if extras may be implicitly read from the Intent `node`. - */ +/** Holds if extras may be implicitly read from the Intent `node`. */ predicate allowIntentExtrasImplicitRead(DataFlow::Node node, DataFlow::Content c) { node.getType() instanceof TypeIntent and ( @@ -194,25 +221,90 @@ class GrantWriteUriPermissionFlag extends GrantUriPermissionFlag { GrantWriteUriPermissionFlag() { this.hasName("FLAG_GRANT_WRITE_URI_PERMISSION") } } +/** An instantiation of `android.content.Intent`. */ +private class NewIntent extends ClassInstanceExpr { + NewIntent() { this.getConstructedType() instanceof TypeIntent } + + /** Gets the `Class` argument of this call. */ + Argument getClassArg() { + result.getType() instanceof TypeClass and + result = this.getAnArgument() + } +} + +/** A call to a method that starts an Android component. */ +private class StartComponentMethodAccess extends MethodAccess { + StartComponentMethodAccess() { + this.getMethod().overrides*(any(StartActivityMethod m)) or + this.getMethod().overrides*(any(StartServiceMethod m)) or + this.getMethod().overrides*(any(SendBroadcastMethod m)) + } + + /** Gets the intent argument of this call. */ + Argument getIntentArg() { + result.getType() instanceof TypeIntent and + result = this.getAnArgument() + } + + /** Holds if this targets a component of type `targetType`. */ + predicate targetsComponentType(RefType targetType) { + exists(NewIntent newIntent | + DataFlow::localExprFlow(newIntent, this.getIntentArg()) and + newIntent.getClassArg().getType().(ParameterizedType).getATypeArgument() = targetType + ) + } +} + /** - * A value-preserving step from the Intent argument of a `startActivity` call to - * a `getIntent` call in the Activity the Intent pointed to in its constructor. + * A value-preserving step from the intent argument of a `startActivity` call to + * a `getIntent` call in the activity the intent targeted in its constructor. */ private class StartActivityIntentStep extends AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess startActivity, MethodAccess getIntent, ClassInstanceExpr newIntent | - startActivity.getMethod().overrides*(any(ContextStartActivityMethod m)) and + exists(StartComponentMethodAccess startActivity, MethodAccess getIntent | + startActivity.getMethod().overrides*(any(StartActivityMethod m)) and getIntent.getMethod().overrides*(any(AndroidGetIntentMethod m)) and - newIntent.getConstructedType() instanceof TypeIntent and - DataFlow::localExprFlow(newIntent, startActivity.getArgument(0)) and - newIntent.getArgument(1).getType().(ParameterizedType).getATypeArgument() = - getIntent.getReceiverType() and - n1.asExpr() = startActivity.getArgument(0) and + startActivity.targetsComponentType(getIntent.getReceiverType()) and + n1.asExpr() = startActivity.getIntentArg() and n2.asExpr() = getIntent ) } } +/** + * A value-preserving step from the intent argument of a `sendBroadcast` call to + * the intent parameter in the `onReceive` method of the receiver the + * intent targeted in its constructor. + */ +private class SendBroadcastReceiverIntentStep extends AdditionalValueStep { + override predicate step(DataFlow::Node n1, DataFlow::Node n2) { + exists(StartComponentMethodAccess sendBroadcast, Method onReceive | + sendBroadcast.getMethod().overrides*(any(SendBroadcastMethod m)) and + onReceive.overrides*(any(AndroidReceiveIntentMethod m)) and + sendBroadcast.targetsComponentType(onReceive.getDeclaringType()) and + n1.asExpr() = sendBroadcast.getIntentArg() and + n2.asParameter() = onReceive.getParameter(1) + ) + } +} + +/** + * A value-preserving step from the intent argument of a `startService` call to + * the intent parameter in an `AndroidServiceIntentMethod` of the service the + * intent targeted in its constructor. + */ +private class StartServiceIntentStep extends AdditionalValueStep { + override predicate step(DataFlow::Node n1, DataFlow::Node n2) { + exists(StartComponentMethodAccess startService, Method serviceIntent | + startService.getMethod().overrides*(any(StartServiceMethod m)) and + serviceIntent.overrides*(any(AndroidServiceIntentMethod m)) and + startService.targetsComponentType(serviceIntent.getDeclaringType()) and + n1.asExpr() = startService.getIntentArg() and + n2.asParameter() = serviceIntent.getParameter(0) + ) + } +} + private class IntentBundleFlowSteps extends SummaryModelCsv { override predicate row(string row) { row = diff --git a/java/ql/lib/semmle/code/java/security/Files.qll b/java/ql/lib/semmle/code/java/security/Files.qll index 3d783b93d30..2cc55a1076f 100644 --- a/java/ql/lib/semmle/code/java/security/Files.qll +++ b/java/ql/lib/semmle/code/java/security/Files.qll @@ -70,3 +70,29 @@ private class WriteFileSinkModels extends SinkModelCsv { ] } } + +private class FileSummaryModels extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual", + "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual", + "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual", + "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual", + "java.nio.file;Path;true;toAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual", + "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual", + "java.nio.file;FileSystem;true;getPath;;;Argument[0];ReturnValue;taint;manual", + "java.nio.file;FileSystem;true;getRootDirectories;;;Argument[0];ReturnValue;taint;manual" + ] + } +} diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll new file mode 100644 index 00000000000..bd15b0581b7 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll @@ -0,0 +1,277 @@ +/** Provides classes and predicates to reason about sanitization of path injection vulnerabilities. */ + +import java +private import semmle.code.java.controlflow.Guards +private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSources +private import semmle.code.java.dataflow.SSA + +/** A sanitizer that protects against path injection vulnerabilities. */ +abstract class PathInjectionSanitizer extends DataFlow::Node { } + +/** + * Provides a set of nodes validated by a method that uses a validation guard. + */ +private module ValidationMethod { + /** Gets a node that is safely guarded by a method that uses the given guard check. */ + DataFlow::Node getAValidatedNode() { + exists(MethodAccess ma, int pos, RValue rv | + validationMethod(ma.getMethod(), pos) and + ma.getArgument(pos) = rv and + adjacentUseUseSameVar(rv, result.asExpr()) and + ma.getBasicBlock().bbDominates(result.asExpr().getBasicBlock()) + ) + } + + /** + * Holds if `m` validates its `arg`th parameter by using `validationGuard`. + */ + private predicate validationMethod(Method m, int arg) { + exists( + Guard g, SsaImplicitInit var, ControlFlowNode exit, ControlFlowNode normexit, boolean branch + | + validationGuard(g, var.getAUse(), branch) and + var.isParameterDefinition(m.getParameter(arg)) and + exit = m and + normexit.getANormalSuccessor() = exit and + 1 = strictcount(ControlFlowNode n | n.getANormalSuccessor() = exit) + | + g.(ConditionNode).getABranchSuccessor(branch) = exit or + g.controls(normexit.getBasicBlock(), branch) + ) + } +} + +/** + * Holds if `g` is guard that compares a path to a trusted value. + */ +private predicate exactPathMatchGuard(Guard g, Expr e, boolean branch) { + exists(MethodAccess ma, RefType t | + t instanceof TypeString or + t instanceof TypeUri or + t instanceof TypePath or + t instanceof TypeFile or + t.hasQualifiedName("android.net", "Uri") + | + ma.getMethod().getDeclaringType() = t and + ma = g and + ma.getMethod().getName() = ["equals", "equalsIgnoreCase"] and + e = ma.getQualifier() and + branch = true + ) +} + +private class ExactPathMatchSanitizer extends PathInjectionSanitizer { + ExactPathMatchSanitizer() { + this = DataFlow::BarrierGuard::getABarrierNode() + or + this = ValidationMethod::getAValidatedNode() + } +} + +abstract private class PathGuard extends Guard { + abstract Expr getCheckedExpr(); +} + +private predicate anyNode(DataFlow::Node n) { any() } + +private predicate pathGuardNode(DataFlow::Node n) { n.asExpr() = any(PathGuard g).getCheckedExpr() } + +private predicate localTaintFlowToPathGuard(Expr e, PathGuard g) { + TaintTracking::LocalTaintFlow::hasExprFlow(e, g.getCheckedExpr()) +} + +private class AllowedPrefixGuard extends PathGuard instanceof MethodAccess { + AllowedPrefixGuard() { + (isStringPrefixMatch(this) or isPathPrefixMatch(this)) and + not isDisallowedWord(super.getAnArgument()) + } + + override Expr getCheckedExpr() { result = super.getQualifier() } +} + +/** + * Holds if `g` is a guard that considers a path safe because it is checked against trusted prefixes. + * This requires additional protection against path traversal, either another guard (`PathTraversalGuard`) + * or a sanitizer (`PathNormalizeSanitizer`), to ensure any internal `..` components are removed from the path. + */ +private predicate allowedPrefixGuard(Guard g, Expr e, boolean branch) { + branch = true and + // Local taint-flow is used here to handle cases where the validated expression comes from the + // expression reaching the sink, but it's not the same one, e.g.: + // File file = source(); + // String strPath = file.getCanonicalPath(); + // if (strPath.startsWith("/safe/dir")) + // sink(file); + g instanceof AllowedPrefixGuard and + localTaintFlowToPathGuard(e, g) and + exists(Expr previousGuard | + localTaintFlowToPathGuard(previousGuard.(PathNormalizeSanitizer), g) + or + previousGuard + .(PathTraversalGuard) + .controls(g.getBasicBlock(), previousGuard.(PathTraversalGuard).getBranch()) + ) +} + +private class AllowedPrefixSanitizer extends PathInjectionSanitizer { + AllowedPrefixSanitizer() { + this = DataFlow::BarrierGuard::getABarrierNode() or + this = ValidationMethod::getAValidatedNode() + } +} + +/** + * Holds if `g` is a guard that considers a path safe because it is checked for `..` components, having previously + * been checked for a trusted prefix. + */ +private predicate dotDotCheckGuard(Guard g, Expr e, boolean branch) { + // Local taint-flow is used here to handle cases where the validated expression comes from the + // expression reaching the sink, but it's not the same one, e.g.: + // Path path = source(); + // String strPath = path.toString(); + // if (!strPath.contains("..") && strPath.startsWith("/safe/dir")) + // sink(path); + branch = g.(PathTraversalGuard).getBranch() and + localTaintFlowToPathGuard(e, g) and + exists(Guard previousGuard | + previousGuard.(AllowedPrefixGuard).controls(g.getBasicBlock(), true) + or + previousGuard.(BlockListGuard).controls(g.getBasicBlock(), false) + ) +} + +private class DotDotCheckSanitizer extends PathInjectionSanitizer { + DotDotCheckSanitizer() { + this = DataFlow::BarrierGuard::getABarrierNode() or + this = ValidationMethod::getAValidatedNode() + } +} + +private class BlockListGuard extends PathGuard instanceof MethodAccess { + BlockListGuard() { + (isStringPartialMatch(this) or isPathPrefixMatch(this)) and + isDisallowedWord(super.getAnArgument()) + } + + override Expr getCheckedExpr() { result = super.getQualifier() } +} + +/** + * Holds if `g` is a guard that considers a string safe because it is checked against a blocklist of known dangerous values. + * This requires additional protection against path traversal, either another guard (`PathTraversalGuard`) + * or a sanitizer (`PathNormalizeSanitizer`), to ensure any internal `..` components are removed from the path. + */ +private predicate blockListGuard(Guard g, Expr e, boolean branch) { + branch = false and + // Local taint-flow is used here to handle cases where the validated expression comes from the + // expression reaching the sink, but it's not the same one, e.g.: + // File file = source(); + // String strPath = file.getCanonicalPath(); + // if (!strPath.contains("..") && !strPath.startsWith("/dangerous/dir")) + // sink(file); + g instanceof BlockListGuard and + localTaintFlowToPathGuard(e, g) and + exists(Expr previousGuard | + localTaintFlowToPathGuard(previousGuard.(PathNormalizeSanitizer), g) + or + previousGuard + .(PathTraversalGuard) + .controls(g.getBasicBlock(), previousGuard.(PathTraversalGuard).getBranch()) + ) +} + +private class BlockListSanitizer extends PathInjectionSanitizer { + BlockListSanitizer() { + this = DataFlow::BarrierGuard::getABarrierNode() or + this = ValidationMethod::getAValidatedNode() + } +} + +private predicate isStringPrefixMatch(MethodAccess ma) { + exists(Method m | m = ma.getMethod() and m.getDeclaringType() instanceof TypeString | + m.hasName("startsWith") + or + m.hasName("regionMatches") and + ma.getArgument(0).(CompileTimeConstantExpr).getIntValue() = 0 + or + m.hasName("matches") and + not ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().matches(".*%") + ) +} + +/** + * Holds if `ma` is a call to a method that checks a partial string match. + */ +private predicate isStringPartialMatch(MethodAccess ma) { + isStringPrefixMatch(ma) + or + ma.getMethod().getDeclaringType() instanceof TypeString and + ma.getMethod().hasName(["contains", "matches", "regionMatches", "indexOf", "lastIndexOf"]) +} + +/** + * Holds if `ma` is a call to a method that checks whether a path starts with a prefix. + */ +private predicate isPathPrefixMatch(MethodAccess ma) { + exists(RefType t | + t instanceof TypePath + or + t.hasQualifiedName("kotlin.io", "FilesKt") + | + t = ma.getMethod().getDeclaringType() and + ma.getMethod().hasName("startsWith") + ) +} + +private predicate isDisallowedWord(CompileTimeConstantExpr word) { + word.getStringValue().matches(["/", "\\", "%WEB-INF%", "%/data%"]) +} + +/** A complementary guard that protects against path traversal, by looking for the literal `..`. */ +private class PathTraversalGuard extends PathGuard { + PathTraversalGuard() { + exists(MethodAccess ma | + ma.getMethod().getDeclaringType() instanceof TypeString and + ma.getAnArgument().(CompileTimeConstantExpr).getStringValue() = ".." + | + this = ma and + ma.getMethod().hasName("contains") + or + exists(EqualityTest eq | + this = eq and + ma.getMethod().hasName(["indexOf", "lastIndexOf"]) and + eq.getAnOperand() = ma and + eq.getAnOperand().(CompileTimeConstantExpr).getIntValue() = -1 + ) + ) + } + + override Expr getCheckedExpr() { + exists(MethodAccess ma | ma = this.(EqualityTest).getAnOperand() or ma = this | + result = ma.getQualifier() + ) + } + + boolean getBranch() { + this instanceof MethodAccess and result = false + or + result = this.(EqualityTest).polarity() + } +} + +/** A complementary sanitizer that protects against path traversal using path normalization. */ +private class PathNormalizeSanitizer extends MethodAccess { + PathNormalizeSanitizer() { + exists(RefType t | + t instanceof TypePath or + t.hasQualifiedName("kotlin.io", "FilesKt") + | + this.getMethod().getDeclaringType() = t and + this.getMethod().hasName("normalize") + ) + or + this.getMethod().getDeclaringType() instanceof TypeFile and + this.getMethod().hasName(["getCanonicalPath", "getCanonicalFile"]) + } +} diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll new file mode 100644 index 00000000000..9a12d075e46 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll @@ -0,0 +1,87 @@ +/** Provides classes to reason about vulnerabilites related to content URIs. */ + +import java +private import semmle.code.java.dataflow.TaintTracking +private import semmle.code.java.frameworks.android.Android +private import semmle.code.java.security.PathSanitizer + +/** A URI that gets resolved by a `ContentResolver`. */ +abstract class ContentUriResolutionSink extends DataFlow::Node { } + +/** A sanitizer for content URIs. */ +abstract class ContentUriResolutionSanitizer extends DataFlow::Node { } + +/** + * A unit class for adding additional taint steps to configurations related to + * content URI resolution vulnerabilities. + */ +class ContentUriResolutionAdditionalTaintStep extends Unit { + /** Holds if the step from `node1` to `node2` should be considered an additional taint step. */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); +} + +/** The URI argument of a call to a `ContentResolver` URI-opening method. */ +private class DefaultContentUriResolutionSink extends ContentUriResolutionSink { + DefaultContentUriResolutionSink() { + exists(MethodAccess ma | + ma.getMethod() instanceof UriOpeningContentResolverMethod and + this.asExpr() = ma.getAnArgument() and + this.getType().(RefType).hasQualifiedName("android.net", "Uri") + ) + } +} + +/** A `ContentResolver` method that resolves a URI. */ +private class UriOpeningContentResolverMethod extends Method { + UriOpeningContentResolverMethod() { + this.hasName([ + "openInputStream", "openOutputStream", "openAssetFile", "openAssetFileDescriptor", + "openFile", "openFileDescriptor", "openTypedAssetFile", "openTypedAssetFileDescriptor", + ]) and + this.getDeclaringType() instanceof AndroidContentResolver + } +} + +private class UninterestingTypeSanitizer extends ContentUriResolutionSanitizer { + UninterestingTypeSanitizer() { + this.getType() instanceof BoxedType or + this.getType() instanceof PrimitiveType or + this.getType() instanceof NumberType + } +} + +private class PathSanitizer extends ContentUriResolutionSanitizer instanceof PathInjectionSanitizer { +} + +private class FilenameOnlySanitizer extends ContentUriResolutionSanitizer { + FilenameOnlySanitizer() { + exists(Method m | this.asExpr().(MethodAccess).getMethod() = m | + m.hasQualifiedName("java.io", "File", "getName") or + m.hasQualifiedName("kotlin.io", "FilesKt", ["getNameWithoutExtension", "getExtension"]) or + m.hasQualifiedName("org.apache.commons.io", "FilenameUtils", "getName") + ) + } +} + +/** + * A `ContentUriResolutionSink` that flows to an image-decoding function. + * Such functions raise exceptions when the input is not a valid image, + * which prevents accessing arbitrary non-image files. + */ +private class DecodedAsAnImageSanitizer extends ContentUriResolutionSanitizer { + DecodedAsAnImageSanitizer() { + exists(Argument decodeArg, MethodAccess decode | + decode.getArgument(0) = decodeArg and + decode + .getMethod() + .hasQualifiedName("android.graphics", "BitmapFactory", + [ + "decodeByteArray", "decodeFile", "decodeFileDescriptor", "decodeResource", + "decodeStream" + ]) + | + TaintTracking::localExprTaint(this.(ContentUriResolutionSink).asExpr().(Argument).getCall(), + decodeArg) + ) + } +} diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll new file mode 100644 index 00000000000..b362a5dceeb --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -0,0 +1,24 @@ +/** Provides taint tracking configurations to be used in unsafe content URI resolution queries. */ + +import java +import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.FlowSources +import semmle.code.java.dataflow.TaintTracking +import semmle.code.java.security.UnsafeContentUriResolution + +/** A taint-tracking configuration to find paths from remote sources to content URI resolutions. */ +class UnsafeContentResolutionConf extends TaintTracking::Configuration { + UnsafeContentResolutionConf() { this = "UnsafeContentResolutionConf" } + + override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + + override predicate isSink(DataFlow::Node sink) { sink instanceof ContentUriResolutionSink } + + override predicate isSanitizer(DataFlow::Node sanitizer) { + sanitizer instanceof ContentUriResolutionSanitizer + } + + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + any(ContentUriResolutionAdditionalTaintStep s).step(node1, node2) + } +} diff --git a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll index d006837466b..4a608890249 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll @@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat // // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`. - // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, + // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`, // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. r1 = r2 and q1 = q2 and diff --git a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll index 5112bdad11e..a6e4db6764e 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll @@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) { /** * A lookahead/lookbehind that matches the empty string. */ -class EmptyPositiveSubPatttern extends RegExpSubPattern { - EmptyPositiveSubPatttern() { +class EmptyPositiveSubPattern extends RegExpSubPattern { + EmptyPositiveSubPattern() { ( this instanceof RegExpPositiveLookahead or @@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern { } } +/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */ +deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern; + /** * A branch in a disjunction that is the root node in a literal, or a literal * whose root node is not a disjunction. @@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) { } /** - * Gets a string reperesentation of the flags used with the regular expression. + * Gets a string representation of the flags used with the regular expression. * Only the flags that are relevant for the canonicalization are included. */ string getCanonicalizationFlags(RegExpTerm root) { @@ -334,7 +337,7 @@ private module CharacterClasses { ) } - private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) } + private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) } private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) } @@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) { lbl = Epsilon() and q2 = Accept(getRoot(dollar)) ) or - exists(EmptyPositiveSubPatttern empty | q1 = before(empty) | - lbl = Epsilon() and q2 = after(empty) - ) + exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty)) } /** @@ -1028,7 +1029,7 @@ module ReDoSPruning { * as the suffix "X" will cause both the regular expressions to be rejected. * * The string `w` is repeated any number of times because it needs to be - * infinitely repeatedable for the attack to work. + * infinitely repeatable for the attack to work. * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes. */ diff --git a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll index c818e89ffa6..14a69dc0644 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll @@ -76,7 +76,7 @@ class StateTuple extends TStateTuple { StateTuple() { this = MkStateTuple(q1, q2, q3) } /** - * Gest a string repesentation of this tuple. + * Gest a string representation of this tuple. */ string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" } diff --git a/java/ql/lib/semmle/code/xml/AndroidManifest.qll b/java/ql/lib/semmle/code/xml/AndroidManifest.qll index f53da67a650..c18b32751ed 100644 --- a/java/ql/lib/semmle/code/xml/AndroidManifest.qll +++ b/java/ql/lib/semmle/code/xml/AndroidManifest.qll @@ -180,6 +180,17 @@ class AndroidProviderXmlElement extends AndroidComponentXmlElement { attr.getValue() = "true" ) } + + /** + * Holds if the provider element is only protected by either `android:readPermission` or `android:writePermission`. + */ + predicate hasIncompletePermissions() { + ( + this.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or + this.getAnAttribute().(AndroidPermissionXmlAttribute).isRead() + ) and + not this.requiresPermissions() + } } /** diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme new file mode 100644 index 00000000000..ecb42310286 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar ; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme new file mode 100644 index 00000000000..709f1d1fd04 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar | @typevariable; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties new file mode 100644 index 00000000000..9d0da86d308 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties @@ -0,0 +1,2 @@ +description: Make type parameters modifiable +compatibility: backwards diff --git a/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql b/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql index 1ad81badd22..dc73fb8fcdb 100644 --- a/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +++ b/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql @@ -23,6 +23,8 @@ where m.overrides(overridden) and not m.hasModifier("override") and not m.isOverrideAnnotated() and - not exists(FunctionalExpr mref | mref.asMethod() = m) + not exists(FunctionalExpr mref | mref.asMethod() = m) and + // Ignore generated constructs, such as functions extracted from Kotlin code: + not m.isCompilerGenerated() select m, "This method overrides $@; it is advisable to add an Override annotation.", overridden, overridden.getDeclaringType() + "." + overridden.getName() diff --git a/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql b/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql index 3111c704b4d..7f8f4d4f983 100644 --- a/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +++ b/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql @@ -11,15 +11,9 @@ import java -ClassOrInterface getTaggedType(ThrowsTag tag) { +RefType getTaggedType(ThrowsTag tag) { result.hasName(tag.getExceptionName()) and - result = tag.getFile().(CompilationUnit).getATypeInScope() -} - -predicate canThrow(Callable callable, Class exception) { - exception instanceof UncheckedThrowableType - or - callable.getAnException().getType().getADescendant() = exception + exists(ImportType i | i.getFile() = tag.getFile() | i.getImportedType() = result) } // Uses ClassOrInterface as type for thrownType to also cover case where erroneously an interface @@ -28,7 +22,8 @@ from ThrowsTag throwsTag, ClassOrInterface thrownType, Callable docMethod where getTaggedType(throwsTag) = thrownType and docMethod.getDoc().getJavadoc().getAChild*() = throwsTag and - not canThrow(docMethod, thrownType) + not thrownType instanceof UncheckedThrowableType and + not docMethod.getAnException().getType().getADescendant() = thrownType select throwsTag, "Javadoc for " + docMethod + " claims to throw " + thrownType.getName() + " but this is impossible." diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 4f6633176f4..055d1327b06 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.4.1 + +### New Queries + +* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds. + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. +* `PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally [submitted as part of an experimental query by @luchua-bc](https://github.com/github/codeql/pull/7286). +* The queries `java/path-injection`, `java/path-injection-local` and `java/zipslip` now use the sanitizers provided by `PathSanitizer.qll`. + ## 0.4.0 ### New Queries diff --git a/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql b/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql index 161c9f17e42..0a1f2fd6caf 100644 --- a/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +++ b/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql @@ -4,6 +4,7 @@ * were extracted without encountering an error in the file. * @kind diagnostic * @id java/diagnostics/successfully-extracted-files + * @tags successfully-extracted-files */ import java diff --git a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql index dee5f78b675..8446976b0cb 100644 --- a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql +++ b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql @@ -34,6 +34,6 @@ where bean1.getBeanIdentifier() < bean2.getBeanIdentifier() and bean1 != bean2 select bean1, - "Bean $@ has " + similarProps.toString() + + "This bean has " + similarProps.toString() + " properties similar to $@. Consider introducing a common parent bean for these two beans.", - bean1, bean1.getBeanIdentifier(), bean2, bean2.getBeanIdentifier() + bean2, bean2.getBeanIdentifier() diff --git a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp index 1c32e1cf952..7d4dfcf82a6 100644 --- a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp +++ b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp @@ -16,7 +16,7 @@ A bean definition is considered to be used if one or more of the following is tr
  • The bean is injected in to a constructor or method of a live bean due to autowiring. This includes autowiring by annotation (@Autowired or @Inject), and autowiring configured by the autowired attribute within bean configuration files.
    • -
  • The bean is explictly loaded from a factory bean. It is not always possible to determine when +
  • The bean is explicitly loaded from a factory bean. It is not always possible to determine when this occurs, because factory beans are loaded using a String value, which may contain arbitrary values.
  • The bean is called reflectively by the Spring framework. For example, if the class is a Spring diff --git a/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql b/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql index cc7807a048c..cf3d4d03c7e 100644 --- a/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql +++ b/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql @@ -26,5 +26,4 @@ class ParentBean extends SpringBean { from ParentBean parent where parent.getDeclaredClass().isAbstract() -select parent, "Parent bean $@ should not have an abstract class.", parent, - parent.getBeanIdentifier() +select parent, "This parent bean should not have an abstract class." diff --git a/java/ql/src/Language Abuse/UselessNullCheck.ql b/java/ql/src/Language Abuse/UselessNullCheck.ql index ec651428a20..93e5a92c307 100644 --- a/java/ql/src/Language Abuse/UselessNullCheck.ql +++ b/java/ql/src/Language Abuse/UselessNullCheck.ql @@ -21,10 +21,11 @@ where e = clearlyNotNullExpr(reason) and ( if reason instanceof Guard - then msg = "This check is useless, $@ cannot be null here, since it is guarded by $@." + then msg = "This check is useless. $@ cannot be null at this check, since it is guarded by $@." else if reason != e - then msg = "This check is useless, $@ cannot be null here, since $@ always is non-null." + then + msg = "This check is useless. $@ cannot be null at this check, since $@ always is non-null." else msg = "This check is useless, since $@ always is non-null." ) select guard, msg, e, e.toString(), reason, reason.toString() diff --git a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql index 46b7c599f24..8784b7ccd00 100644 --- a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +++ b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql @@ -72,5 +72,5 @@ where remove.getCallee().hasName("remove") and iterOfSpecialCollection(remove.getQualifier(), scc) select remove, - "This call may fail when iterating over the collection created $@, since it does not support element removal.", - scc, "here" + "This call may fail when iterating over $@, since it does not support element removal.", scc, + "the collection" diff --git a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql index 0b8b1b9098b..1f05298878a 100644 --- a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +++ b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql @@ -30,6 +30,8 @@ predicate hasTypeTest(Variable v) { or any(SafeCastExpr sce).getExpr() = v.getAnAccess() or + any(ClassExpr c).getExpr() = v.getAnAccess() + or exists(MethodAccess ma | ma.getMethod().getName() = "getClass" and ma.getQualifier() = v.getAnAccess() @@ -77,4 +79,4 @@ where // Exclude `equals` methods that implement reference-equality. not m instanceof ReferenceEquals and not m instanceof UnimplementedEquals -select m, "equals() method does not check argument type." +select m, "This 'equals()' method does not check argument type." diff --git a/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql b/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql index b66b8e7323a..b5ebc3a951c 100644 --- a/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +++ b/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql @@ -21,4 +21,4 @@ where eq.getAnOperand() = f.getAnAccess() and nanField(f) and f.getDeclaringType().hasName(classname) select eq, "This comparison will always yield the same result since 'NaN != NaN'. Consider using " + - classname + ".isNaN instead" + classname + ".isNaN instead." diff --git a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp index 274eb6b1608..28bdebf85b1 100644 --- a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp +++ b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp @@ -62,7 +62,7 @@ runtime.

    The code above should be rewritten to both use volatile and finish all initialization before f is updated. Additionally, a local -variable can be used to avoid reading the field more times than neccessary. +variable can be used to avoid reading the field more times than necessary.

    diff --git a/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql b/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql index ad2041d2a3b..411618ef4bd 100644 --- a/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql @@ -23,4 +23,4 @@ where ma.getEnclosingStmt().getEnclosingStmt*() instanceof SynchronizedStmt or ma.getEnclosingCallable().isSynchronized() ) -select ma, "sleep() with lock held." +select ma, "This calls 'Thread.sleep()' with a lock held." diff --git a/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql b/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql index b090eaa03e2..4c9896e0223 100644 --- a/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql +++ b/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql @@ -27,4 +27,4 @@ where ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Object") and ma.getEnclosingStmt().getEnclosingStmt*() = synch and synch.getEnclosingStmt+() instanceof Synched -select ma, "wait() with two locks held." +select ma, "This calls 'Object.wait()' with two locks held." diff --git a/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql b/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql index 4fde13f8019..c61c5a263e8 100644 --- a/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +++ b/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql @@ -46,5 +46,5 @@ predicate contradictoryTypeCheck(Expr e, Variable v, RefType t, RefType sup, Exp from Expr e, Variable v, RefType t, RefType sup, Expr cond where contradictoryTypeCheck(e, v, t, sup, cond) -select e, "Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@.", v, +select e, "This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@.", v, v.getName(), t, t.getName(), cond, "this expression", sup, sup.getName() diff --git a/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql b/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql index 3ae663ff764..83eb99d7498 100644 --- a/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +++ b/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql @@ -45,5 +45,4 @@ predicate sameVariable(VarAccess left, VarAccess right) { from AssignExpr assign where sameVariable(assign.getDest(), assign.getSource()) select assign, - "This assigns the variable " + assign.getDest().(VarAccess).getVariable().getName() + - " to itself and has no effect." + "This expression assigns " + assign.getDest().(VarAccess).getVariable().getName() + " to itself." diff --git a/java/ql/src/Likely Bugs/Nullness/NullAlways.ql b/java/ql/src/Likely Bugs/Nullness/NullAlways.ql index 6e07f875022..c52c43acc55 100644 --- a/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +++ b/java/ql/src/Likely Bugs/Nullness/NullAlways.ql @@ -17,4 +17,5 @@ private import semmle.code.java.dataflow.Nullness from VarAccess access, SsaSourceVariable var where alwaysNullDeref(var, access) -select access, "Variable $@ is always null here.", var.getVariable(), var.getVariable().getName() +select access, "Variable $@ is always null at this dereference.", var.getVariable(), + var.getVariable().getName() diff --git a/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql b/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql index 13a800ae539..eedb2907f46 100644 --- a/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +++ b/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql @@ -24,5 +24,5 @@ where not alwaysNullDeref(var, access) and // Kotlin enforces this already: not access.getLocation().getFile().isKotlinSourceFile() -select access, "Variable $@ may be null here " + msg + ".", var.getVariable(), +select access, "Variable $@ may be null at this access " + msg + ".", var.getVariable(), var.getVariable().getName(), reason, "this" diff --git a/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql b/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql index 90b638daa80..af86d90d690 100644 --- a/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +++ b/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql @@ -22,4 +22,4 @@ where not f.getType().hasName("long") ) and f.getDeclaringType().getAStrictAncestor() instanceof TypeSerializable -select f, "serialVersionUID should be final, static, and of type long." +select f, "'serialVersionUID' should be final, static, and of type long." diff --git a/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql b/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql index c64947a07a8..e729daa59e2 100644 --- a/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +++ b/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql @@ -106,4 +106,5 @@ where else multiCatchMsg = "" select try.getCatchClause(second), "This catch-clause is unreachable" + multiCatchMsg + "; it is masked $@.", - try.getCatchClause(first), "here for exceptions of type '" + masking.getName() + "'" + try.getCatchClause(first), + "by a previous catch-clause for exceptions of type '" + masking.getName() + "'" diff --git a/java/ql/src/Performance/InefficientOutputStream.ql b/java/ql/src/Performance/InefficientOutputStream.ql index 3eb7ef18bf5..e0b501a886c 100644 --- a/java/ql/src/Performance/InefficientOutputStream.ql +++ b/java/ql/src/Performance/InefficientOutputStream.ql @@ -36,5 +36,5 @@ where // This is the case is some dummy implementations. exists(MethodAccess ma | ma.getEnclosingCallable() = m | ma.getMethod().getName() = "write") select c, - "This class extends java.io.OutputStream and implements $@, but does not override write(byte[],int,int)", + "This class extends 'java.io.OutputStream' and implements $@, but does not override 'write(byte[],int,int)'.", m, m.getName() diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index c9ea50c6f29..aedc7fc4b2c 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -17,36 +17,26 @@ import java import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.security.PathCreation +import semmle.code.java.security.PathSanitizer import DataFlow::PathGraph import TaintedPathCommon -predicate containsDotDotSanitizer(Guard g, Expr e, boolean branch) { - exists(MethodAccess contains | g = contains | - contains.getMethod().hasName("contains") and - contains.getAnArgument().(StringLiteral).getValue() = ".." and - e = contains.getQualifier() and - branch = false - ) -} - class TaintedPathConfig extends TaintTracking::Configuration { TaintedPathConfig() { this = "TaintedPathConfig" } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSink(DataFlow::Node sink) { - ( - sink.asExpr() = any(PathCreation p).getAnInput() - or - sinkNode(sink, "create-file") - ) and - not guarded(sink.asExpr()) + sink.asExpr() = any(PathCreation p).getAnInput() + or + sinkNode(sink, "create-file") } - override predicate isSanitizer(DataFlow::Node node) { - exists(Type t | t = node.getType() | t instanceof BoxedType or t instanceof PrimitiveType) - or - node = DataFlow::BarrierGuard::getABarrierNode() + override predicate isSanitizer(DataFlow::Node sanitizer) { + sanitizer.getType() instanceof BoxedType or + sanitizer.getType() instanceof PrimitiveType or + sanitizer.getType() instanceof NumberType or + sanitizer instanceof PathInjectionSanitizer } override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { @@ -70,5 +60,5 @@ DataFlow::Node getReportingNode(DataFlow::Node sink) { from DataFlow::PathNode source, DataFlow::PathNode sink, TaintedPathConfig conf where conf.hasFlowPath(source, sink) -select getReportingNode(sink.getNode()), source, sink, "$@ flows to here and is used in a path.", - source.getNode(), "User-provided value" +select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathCommon.qll b/java/ql/src/Security/CWE/CWE-022/TaintedPathCommon.qll index 0e826a6fc01..418931d9a0d 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathCommon.qll +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathCommon.qll @@ -3,8 +3,6 @@ */ import java -import semmle.code.java.controlflow.Guards -import semmle.code.java.security.PathCreation import semmle.code.java.frameworks.Networking import semmle.code.java.dataflow.DataFlow @@ -48,29 +46,3 @@ private class TaintPreservingUriCtorParam extends Parameter { ) } } - -private predicate inWeakCheck(Expr e) { - // None of these are sufficient to guarantee that a string is safe. - exists(MethodAccess m, Method def | m.getQualifier() = e and m.getMethod() = def | - def.getName() = "startsWith" or - def.getName() = "endsWith" or - def.getName() = "isEmpty" or - def.getName() = "equals" - ) - or - // Checking against `null` has no bearing on path traversal. - exists(EqualityTest b | b.getAnOperand() = e | b.getAnOperand() instanceof NullLiteral) -} - -// Ignore cases where the variable has been checked somehow, -// but allow some particularly obviously bad cases. -predicate guarded(VarAccess e) { - exists(PathCreation p | e = p.getAnInput()) and - exists(ConditionBlock cb, Expr c | - cb.getCondition().getAChildExpr*() = c and - c = e.getVariable().getAnAccess() and - cb.controls(e.getBasicBlock(), true) and - // Disallow a few obviously bad checks. - not inWeakCheck(c) - ) -} diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql index 9f138d138a6..506dc2ad65e 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql @@ -15,7 +15,9 @@ import java import semmle.code.java.dataflow.FlowSources +private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.security.PathCreation +import semmle.code.java.security.PathSanitizer import DataFlow::PathGraph import TaintedPathCommon @@ -26,6 +28,15 @@ class TaintedPathLocalConfig extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PathCreation p).getAnInput() + or + sinkNode(sink, "create-file") + } + + override predicate isSanitizer(DataFlow::Node sanitizer) { + sanitizer.getType() instanceof BoxedType or + sanitizer.getType() instanceof PrimitiveType or + sanitizer.getType() instanceof NumberType or + sanitizer instanceof PathInjectionSanitizer } override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { @@ -33,13 +44,21 @@ class TaintedPathLocalConfig extends TaintTracking::Configuration { } } -from - DataFlow::PathNode source, DataFlow::PathNode sink, PathCreation p, Expr e, - TaintedPathLocalConfig conf -where - e = sink.getNode().asExpr() and - e = p.getAnInput() and - conf.hasFlowPath(source, sink) and - not guarded(e) -select p, source, sink, "$@ flows to here and is used in a path.", source.getNode(), - "User-provided value" +/** + * Gets the data-flow node at which to report a path ending at `sink`. + * + * Previously this query flagged alerts exclusively at `PathCreation` sites, + * so to avoid perturbing existing alerts, where a `PathCreation` exists we + * continue to report there; otherwise we report directly at `sink`. + */ +DataFlow::Node getReportingNode(DataFlow::Node sink) { + any(TaintedPathLocalConfig c).hasFlowTo(sink) and + if exists(PathCreation pc | pc.getAnInput() = sink.asExpr()) + then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr()) + else result = sink +} + +from DataFlow::PathNode source, DataFlow::PathNode sink, TaintedPathLocalConfig conf +where conf.hasFlowPath(source, sink) +select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql index 3afab0936c0..3f63123cfb6 100644 --- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql @@ -16,6 +16,7 @@ import java import semmle.code.java.controlflow.Guards import semmle.code.java.dataflow.SSA import semmle.code.java.dataflow.TaintTracking +import semmle.code.java.security.PathSanitizer import DataFlow import PathGraph private import semmle.code.java.dataflow.ExternalFlow @@ -35,89 +36,6 @@ class ArchiveEntryNameMethod extends Method { } } -/** - * Holds if `n1` to `n2` is a dataflow step that converts between `String`, - * `File`, and `Path`. - */ -predicate filePathStep(ExprNode n1, ExprNode n2) { - exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeFile | - n1.asExpr() = cc.getAnArgument() and - n2.asExpr() = cc - ) - or - exists(MethodAccess ma, Method m | - ma.getMethod() = m and - n1.asExpr() = ma.getQualifier() and - n2.asExpr() = ma - | - m.getDeclaringType() instanceof TypeFile and m.hasName("toPath") - or - m.getDeclaringType() instanceof TypePath and m.hasName("toAbsolutePath") - or - m.getDeclaringType() instanceof TypePath and m.hasName("toFile") - ) -} - -predicate fileTaintStep(ExprNode n1, ExprNode n2) { - exists(MethodAccess ma, Method m | - n1.asExpr() = ma.getQualifier() or - n1.asExpr() = ma.getAnArgument() - | - n2.asExpr() = ma and - ma.getMethod() = m and - m.getDeclaringType() instanceof TypePath and - m.hasName("resolve") - ) -} - -predicate localFileValueStep(Node n1, Node n2) { - localFlowStep(n1, n2) or - filePathStep(n1, n2) -} - -predicate localFileValueStepPlus(Node n1, Node n2) = fastTC(localFileValueStep/2)(n1, n2) - -/** - * Holds if `check` is a guard that checks whether `var` is a file path with a - * specific prefix when put in canonical form, thus guarding against ZipSlip. - */ -predicate validateFilePath(SsaVariable var, Guard check) { - // `var.getCanonicalFile().toPath().startsWith(...)`, - // `var.getCanonicalPath().startsWith(...)`, or - // `var.toPath().normalize().startsWith(...)` - exists(MethodAccess normalize, MethodAccess startsWith, Node n1, Node n2, Node n3, Node n4 | - n1.asExpr() = var.getAUse() and - n2.asExpr() = normalize.getQualifier() and - (n1 = n2 or localFileValueStepPlus(n1, n2)) and - n3.asExpr() = normalize and - n4.asExpr() = startsWith.getQualifier() and - (n3 = n4 or localFileValueStepPlus(n3, n4)) and - check = startsWith and - startsWith.getMethod().hasName("startsWith") and - ( - normalize.getMethod().hasName("getCanonicalFile") or - normalize.getMethod().hasName("getCanonicalPath") or - normalize.getMethod().hasName("normalize") - ) - ) -} - -/** - * Holds if `m` validates its `arg`th parameter. - */ -predicate validationMethod(Method m, int arg) { - exists(Guard check, SsaImplicitInit var, ControlFlowNode exit, ControlFlowNode normexit | - validateFilePath(var, check) and - var.isParameterDefinition(m.getParameter(arg)) and - exit = m and - normexit.getANormalSuccessor() = exit and - 1 = strictcount(ControlFlowNode n | n.getANormalSuccessor() = exit) - | - check.(ConditionNode).getATrueSuccessor() = exit or - check.controls(normexit.getBasicBlock(), true) - ) -} - class ZipSlipConfiguration extends TaintTracking::Configuration { ZipSlipConfiguration() { this = "ZipSlip" } @@ -127,24 +45,7 @@ class ZipSlipConfiguration extends TaintTracking::Configuration { override predicate isSink(Node sink) { sink instanceof FileCreationSink } - override predicate isAdditionalTaintStep(Node n1, Node n2) { - filePathStep(n1, n2) or fileTaintStep(n1, n2) - } - - override predicate isSanitizer(Node node) { - exists(Guard g, SsaVariable var, RValue varuse | validateFilePath(var, g) | - varuse = node.asExpr() and - varuse = var.getAUse() and - g.controls(varuse.getBasicBlock(), true) - ) - or - exists(MethodAccess ma, int pos, RValue rv | - validationMethod(ma.getMethod(), pos) and - ma.getArgument(pos) = rv and - adjacentUseUseSameVar(rv, node.asExpr()) and - ma.getBasicBlock().bbDominates(node.asExpr().getBasicBlock()) - ) - } + override predicate isSanitizer(Node node) { node instanceof PathInjectionSanitizer } } /** diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql index 5ea391b031b..5b6a081f07a 100644 --- a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +++ b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql @@ -13,4 +13,4 @@ import semmle.code.java.security.PartialPathTraversal from PartialPathTraversalMethodAccess ma -select ma, "Partial Path Traversal Vulnerability due to insufficient guard against path traversal" +select ma, "Partial Path Traversal Vulnerability due to insufficient guard against path traversal." diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql index f8fed8fd529..8ef4ab45853 100644 --- a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +++ b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql @@ -16,4 +16,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(PartialPathTraversalFromRemoteConfig config).hasFlowPath(source, sink) select sink.getNode(), source, sink, - "Partial Path Traversal Vulnerability due to insufficient guard against path traversal from user-supplied data" + "Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@.", + source, "user-supplied data" diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql index a1e60c0bf41..4c275f1cacd 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg where execTainted(source, sink, execArg) -select execArg, source, sink, "$@ flows to here and is used in a command.", source.getNode(), - "User-provided value" +select execArg, source, sink, "This command line depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql index febd020db46..e246d231da1 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql @@ -38,5 +38,5 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg, LocalUserInputToArgumentToExecFlowConfig conf where conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = execArg -select execArg, source, sink, "$@ flows to here and is used in a command.", source.getNode(), - "User-provided value" +select execArg, source, sink, "This command line depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.ql b/java/ql/src/Security/CWE/CWE-079/XSS.ql index c488a5d08d4..fe071334c48 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSS.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql @@ -34,5 +34,5 @@ class XssConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, XssConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", +select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql index 576b0820e0a..963a927bf93 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql @@ -19,5 +19,4 @@ import DataFlow::PathGraph from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink where queryTaintedBy(query, source, sink) -select query, source, sink, "This SQL query depends on $@.", source.getNode(), - "a user-provided value" +select query, source, sink, "This query depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql index acd4f9d8df5..d6c874e1fd8 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql @@ -36,5 +36,5 @@ class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configurat from DataFlow::PathNode source, DataFlow::PathNode sink, LocalUserInputToQueryInjectionFlowConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Query might include code from $@.", source.getNode(), - "this user input" +select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql index df57a810033..b263c7484a6 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, LdapInjectionFlowConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "LDAP query might include code from $@.", source.getNode(), - "this user input" +select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql index 0b81173d83a..f1febd7aa2c 100644 --- a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, GroovyInjectionConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Groovy Injection from $@.", source.getNode(), - "this user input" +select sink.getNode(), source, sink, "Groovy script depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql index a673142f810..2f8e11b207b 100644 --- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql @@ -80,5 +80,5 @@ where exists(SetMessageInterpolatorCall c | not c.isSafe()) ) and cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, - "Custom constraint error message contains unsanitized user data" +select sink.getNode(), source, sink, "Custom constraint error message contains an unsanitized $@.", + source, "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql index 26585e5d2dc..3e3cd793c05 100644 --- a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql @@ -17,4 +17,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, JexlInjectionConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "JEXL injection from $@.", source.getNode(), "this user input" +select sink.getNode(), source, sink, "JEXL expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql index 17bb576dab2..af623ac6ed9 100644 --- a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql @@ -17,4 +17,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, MvelInjectionFlowConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "MVEL injection from $@.", source.getNode(), "this user input" +select sink.getNode(), source, sink, "MVEL expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql index 8b726e5e623..d6cc8f33c82 100644 --- a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql @@ -18,4 +18,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, SpelInjectionConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "SpEL injection from $@.", source.getNode(), "this user input" +select sink.getNode(), source, sink, "SpEL expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql b/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql index 6ddd8cfd2c9..8085c3ec314 100644 --- a/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from TemplateInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Potential arbitrary code execution due to $@.", - source.getNode(), "a template value loaded from a remote source." +select sink.getNode(), source, sink, "Template, which may contain code, depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql index a6c14986cdb..641ac5399a0 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql @@ -47,5 +47,6 @@ class ResponseSplittingConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, ResponseSplittingConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Response-splitting vulnerability due to this $@.", +select sink.getNode(), source, sink, + "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql index 608636982c9..89af15339d0 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql @@ -31,5 +31,6 @@ class ResponseSplittingLocalConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, ResponseSplittingLocalConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Response-splitting vulnerability due to this $@.", +select sink.getNode(), source, sink, + "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql index be4144fea0b..81f545baee9 100644 --- a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +++ b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) -select source.getNode(), source, sink, "This user-provided value flows to a $@.", sink.getNode(), - "log entry" +select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql index 8ccf937355c..032f2f4ce3c 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql @@ -33,5 +33,5 @@ where sizeExpr = sink.getNode().asExpr() and any(Conf conf).hasFlowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, - "The $@ is accessed here, but the array is initialized using $@ which may be zero.", - arrayCreation, "array", source.getNode(), "User-provided value" + "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, + "array", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql index 62038fe73a6..3d07f044a7c 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql @@ -38,5 +38,5 @@ where boundedsource = source.getNode() and any(BoundedFlowSourceConf conf).hasFlowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, - "The $@ is accessed here, but the array is initialized using $@ which may be zero.", - arrayCreation, "array", boundedsource, boundedsource.getDescription().toLowerCase() + "This accesses the $@, but the array is initialized using $@ which may be zero.", arrayCreation, + "array", boundedsource, boundedsource.getDescription().toLowerCase() diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql index db7dfc0aec5..ebb91acbc24 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql @@ -34,5 +34,5 @@ where sizeExpr = sink.getNode().asExpr() and any(Conf conf).hasFlowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, - "The $@ is accessed here, but the array is initialized using $@ which may be zero.", - arrayCreation, "array", source.getNode(), "User-provided value" + "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, + "array", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql index 4cc9c58e64f..d3a78f1ab96 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql @@ -32,5 +32,5 @@ where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and any(Conf conf).hasFlowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, - "$@ flows to here and is used as an index causing an ArrayIndexOutOfBoundsException.", - source.getNode(), "User-provided value" + "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql index 537c47b34cc..1b5576f14e8 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql @@ -31,5 +31,5 @@ where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and any(Conf conf).hasFlowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, - "$@ flows to here and is used as an index causing an ArrayIndexOutOfBoundsException.", - source.getNode(), "User-provided value" + "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql index 4e319b388e6..942c5d25950 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql @@ -33,5 +33,5 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, StringFormat formatCall, ExternallyControlledFormatStringConfig conf where conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() -select formatCall.getFormatArgument(), source, sink, - "$@ flows to here and is used in a format string.", source.getNode(), "User-provided value" +select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql index 36027f97c30..2cd3a0c29da 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql @@ -31,5 +31,5 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, StringFormat formatCall, ExternallyControlledFormatStringLocalConfig conf where conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() -select formatCall.getFormatArgument(), source, sink, - "$@ flows to here and is used in a format string.", source.getNode(), "User-provided value" +select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index 5fa48ee10d1..2ace7dcc65a 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql @@ -47,5 +47,5 @@ where underflowSink(exp, sink.getNode().asExpr()) and effect = "underflow" select exp, source, sink, - "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".", - source.getNode(), "User-provided value" + "This arithmetic expression depends on a $@, potentially causing an " + effect + ".", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql index 20bec26dd9f..1dc6e8a6d06 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql @@ -47,5 +47,5 @@ where underflowSink(exp, sink.getNode().asExpr()) and effect = "underflow" select exp, source, sink, - "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".", - source.getNode(), "User-provided value" + "This arithmetic expression depends on a $@, potentially causing an " + effect + ".", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index bd0f8b3b007..015abf5831f 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -55,5 +55,5 @@ where underflowSink(exp, sink.getNode().asExpr()) and effect = "underflow" select exp, source, sink, - "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".", - source.getNode(), "Uncontrolled value" + "This arithmetic expression depends on an $@, potentially causing an " + effect + ".", + source.getNode(), "uncontrolled value" diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp index e3bf61107c4..98a3b8d36da 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp @@ -43,7 +43,7 @@ For example: PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePerm -
    • +
  • OWASP: Insecure Temporary File.
  • CERT: FIO00-J. Do not operate on files in shared directories.
    • \ No newline at end of file diff --git a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql index b108da2f1de..bc81c3dcc46 100644 --- a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +++ b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql @@ -20,5 +20,6 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(IntentUriPermissionManipulationConf c).hasFlowPath(source, sink) select sink.getNode(), source, sink, - "This Intent can be set with arbitrary flags from $@, " + - "and used to give access to internal content providers.", source.getNode(), "this user input" + "This Intent can be set with arbitrary flags from a $@, " + + "and used to give access to internal content providers.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql b/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql index bb3fc7bfb49..755f2b5a4a7 100644 --- a/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +++ b/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql @@ -17,5 +17,6 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(InsecureTrustManagerConfiguration cfg).hasFlowPath(source, sink) -select sink, source, sink, "This $@, which is defined $@ and trusts any certificate, is used here.", - source, "TrustManager", source.getNode().asExpr().(ClassInstanceExpr).getConstructedType(), "here" +select sink, source, sink, "This uses $@, which is defined in $@ and trusts any certificate.", + source, "TrustManager", + source.getNode().asExpr().(ClassInstanceExpr).getConstructedType() as type, type.nestedName() diff --git a/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql b/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql index 10e122d31c7..d19bbeda9ef 100644 --- a/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +++ b/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql @@ -21,4 +21,4 @@ where isInsecureMailPropertyConfig(ma.getArgument(0).(VarAccess).getVariable()) or enablesEmailSsl(ma) and not hasSslCertificateCheck(ma.getQualifier().(VarAccess).getVariable()) -select ma, "Java mailing has insecure SSL configuration" +select ma, "Java mailing has insecure SSL configuration." diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql index 3c30a02ff48..bc306750e47 100644 --- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql @@ -121,5 +121,5 @@ where not isNodeGuardedByFlag(sink.getNode()) and verifier = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType() select sink, source, sink, - "$@ that is defined $@ and accepts any certificate as valid, is used here.", source, - "This hostname verifier", verifier, "here" + "The $@ defined by $@ always accepts any certificate, even if the hostname does not match.", + source, "hostname verifier", verifier, "this type" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql index f13e4095121..e428566cbaa 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql @@ -20,5 +20,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "SQLite database $@ containing $@ is stored $@. Data was added $@.", s, s.toString(), - data, "sensitive data", store, "here", input, "here" +select store, "This stores data in a SQLite database $@ containing $@ which was $@.", s, + s.toString(), data, "sensitive data", input, "previously added" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql index e563143f0d4..6b581b4abf1 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql @@ -20,5 +20,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "Local file $@ containing $@ is stored $@. Data was added $@.", s, s.toString(), data, - "sensitive data", store, "here", input, "here" +select store, "This stores the local file $@ containing $@ which was $@.", s, s.toString(), data, + "sensitive data", input, "previously added" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql index 525e8148a8f..97f083e6aa2 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql @@ -19,5 +19,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "Storable class $@ containing $@ is stored here. Data was added $@.", s, s.toString(), - data, "sensitive data", input, "here" +select store, "This stores the storable class $@ containing $@ which was $@.", s, s.toString(), + data, "sensitive data", input, "previously added" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql index 4e370e29d29..13003641a88 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql @@ -18,5 +18,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "Cookie $@ containing $@ is stored here. Data was added $@.", s, s.toString(), data, - "sensitive data", input, "here" +select store, "This stores cookie $@ containing $@ which was $@.", s, s.toString(), data, + "sensitive data", input, "added to the cookie" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql index 9a8ce42130e..53bb9ba1fb9 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql @@ -18,5 +18,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "'Properties' class $@ containing $@ is stored here. Data was added $@.", s, - s.toString(), data, "sensitive data", input, "here" +select store, "This stores 'Properties' class $@ containing $@ which was $@.", s, s.toString(), + data, "sensitive data", input, "previously added" diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql index 17252acf98a..af188931be7 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql @@ -20,5 +20,5 @@ where input = s.getAnInput() and store = s.getAStore() and data.flowsTo(input) -select store, "'SharedPreferences' class $@ containing $@ is stored $@. Data was added $@.", s, - s.toString(), data, "sensitive data", store, "here", input, "here" +select store, "This stores the 'SharedPreferences' class $@ containing $@ which $@.", s, + s.toString(), data, "sensitive data", input, "was set as a shared preference" diff --git a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql index 123313e2177..745a2d6dfad 100644 --- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql +++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql @@ -17,4 +17,4 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(HttpStringToUrlOpenMethodFlowConfig c).hasFlowPath(source, sink) select sink.getNode(), source, sink, "URL may have been constructed with HTTP protocol, using $@.", - source.getNode(), "this source" + source.getNode(), "this HTTP URL" diff --git a/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql b/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql index 30caee117c8..648321ec3ab 100644 --- a/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +++ b/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql @@ -16,5 +16,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, MissingJwtSignatureCheckConf conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "A signing key is set $@, but the signature is not verified.", - source.getNode(), "here" +select sink.getNode(), source, sink, "This parses a $@, but the signature is not verified.", + source.getNode(), "JWT signing key" diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql index 2fb46ad8943..55dcaeb2de4 100644 --- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql @@ -120,6 +120,5 @@ where not probablyNeverEscapes(r) and // The synchronized methods on `Throwable` are not interesting. not call1.getCallee().getDeclaringType() instanceof TypeThrowable -select call2, - "The state of $@ is checked $@, and then it is used here. But these are not jointly synchronized.", - r, r.getName(), call1, "here" +select call2, "This uses the state of $@ which $@. But these are not jointly synchronized.", r, + r.getName(), call1, "is checked at a previous call" diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java new file mode 100644 index 00000000000..7a025014c2b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java @@ -0,0 +1,41 @@ +import android.content.ContentResolver; +import android.net.Uri; + +public class Example extends Activity { + public void onCreate() { + // BAD: Externally-provided URI directly used in content resolution + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + // BAD: input URI is not normalized, and check can be bypassed with ".." characters + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + // GOOD: URI is properly validated to block access to internal files + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + } + + private void copyToExternalCache(InputStream is) { + // Reads the contents of is and writes a file in the app's external + // cache directory, which can be read publicly by applications in the same device. + } +} diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp new file mode 100644 index 00000000000..4d9c19f40bd --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp @@ -0,0 +1,49 @@ + + + +

    + When an Android application wants to access data in a content provider, it uses the ContentResolver + object. ContentResolvers communicate with an instance of a class that implements the + ContentProvider interface via URIs with the content:// scheme. + + The authority part (the first path segment) of the URI, passed as parameter to the ContentResolver, + determines which content provider is contacted for the operation. Specific operations that act on files also + support the file:// scheme, in which case the local filesystem is queried instead. + + If an external component, like a malicious or compromised application, controls the URI for a + ContentResolver operation, it can trick the vulnerable application into accessing its own private + files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like + external storage, or tamper with the contents by making the application overwrite the file with unexpected data. +

    +     + +

    + If possible, avoid using externally-provided data to determine the URI for a ContentResolver to use. + If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list + of content providers and/or applications, or alternatively make sure that the URI does not reference private + directories like /data/. +

    +     + +

    + This example shows three ways of opening a file using a ContentResolver. In the first case, externally-provided + data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI + of the form /data/data/(vulnerable app package)/(private file) to trick the application into reading it and + copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still + leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference + any internal application files. +

    + +     + +
  • + Android developers: + Content provider basics +
    • +
  • + The ContentResolver class +
    • +     +     diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql new file mode 100644 index 00000000000..37550d1822b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql @@ -0,0 +1,23 @@ +/** + * @name Uncontrolled data used in content resolution + * @description Resolving externally-provided content URIs without validation can allow an attacker + * to access unexpected resources. + * @kind path-problem + * @problem.severity warning + * @security-severity 7.5 + * @precision high + * @id java/android/unsafe-content-uri-resolution + * @tags security + * external/cwe/cwe-441 + * external/cwe/cwe-610 + */ + +import java +import semmle.code.java.security.UnsafeContentUriResolutionQuery +import DataFlow::PathGraph + +from DataFlow::PathNode src, DataFlow::PathNode sink +where any(UnsafeContentResolutionConf c).hasFlowPath(src, sink) +select sink.getNode(), src, sink, + "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql index e1636c850b1..af5fec1f9a0 100644 --- a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +++ b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql @@ -17,5 +17,6 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(FragmentInjectionTaintConf conf).hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Fragment injection from $@.", source.getNode(), - "this user input" +select sink.getNode(), source, sink, + "Fragment depends on a $@, which may allow a malicious application to bypass access controls.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql index 6bb4cdc3561..d494d92e657 100644 --- a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +++ b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf where conf.hasFlowPath(source, sink) select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, - "Unsafe deserialization of $@.", source.getNode(), "user input" + "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql index 6a89d7747f3..069245b4a3e 100644 --- a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +++ b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, BasicAuthFlowConfig config where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Insecure basic authentication from $@.", source.getNode(), +select sink.getNode(), source, sink, "Insecure basic authentication from a $@.", source.getNode(), "HTTP URL" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql index 02840afaf65..f3f535e5460 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql @@ -26,5 +26,5 @@ class UrlRedirectConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, UrlRedirectConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Potentially untrusted URL redirection due to $@.", - source.getNode(), "user-provided value" +select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql index a8157748d7b..776cd8cff97 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql @@ -26,5 +26,5 @@ class UrlRedirectLocalConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, UrlRedirectLocalConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Potentially untrusted URL redirection due to $@.", - source.getNode(), "user-provided value" +select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql index d00480a815d..1e89e0d1980 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql @@ -52,5 +52,5 @@ class XxeConfig extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, XxeConfig conf where conf.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "A $@ is parsed as XML without guarding against external entity expansion.", source.getNode(), - "user-provided value" + "XML parsing depends on a $@ without guarding against external entity expansion.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql index 9e2d1c1a2ac..eeaa147ce71 100644 --- a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +++ b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql @@ -27,5 +27,5 @@ class XPathInjectionConfiguration extends TaintTracking::Configuration { from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c where c.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql index 1f9f5fcb1a5..87972319903 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql @@ -44,5 +44,5 @@ where sink.getNode().asExpr() = exp.getExpr() and conf.hasFlowPath(source, sink) select exp, source, sink, - "$@ flows to here and is cast to a narrower type, potentially causing truncation.", - source.getNode(), "User-provided value" + "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql index ad02cb21bc7..7ebbd73c84e 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql @@ -46,5 +46,5 @@ where conf.hasFlowPath(source, sink) and not exists(RightShiftOp e | e.getShiftedVariable() = tainted.getVariable()) select exp, source, sink, - "$@ flows to here and is cast to a narrower type, potentially causing truncation.", - source.getNode(), "User-provided value" + "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql index cab76e294b8..75cd8335fac 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql @@ -20,6 +20,6 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp where hasPolynomialReDoSResult(source, sink, regexp) select sink, source, sink, - "This $@ that depends on $@ may run slow on strings " + regexp.getPrefixMessage() + + "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() + "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression", - source.getNode(), "a user-provided value" + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql index 7d2a309c6c0..46a7d5abc10 100644 --- a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +++ b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql @@ -22,5 +22,5 @@ where fileVariable.getAnAccess() = setWorldWritable.getFileVarAccess() and // If the file variable is a parameter, the result should be reported in the caller. not fileVariable instanceof Parameter -select setWorldWritable, "A file is set to be world writable here, but is read from $@.", readFrom, +select setWorldWritable, "This sets a file is as world writable, but is read from $@.", readFrom, "statement" diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index a5c8b954d27..f4092807281 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -16,5 +16,5 @@ import DataFlow::PathGraph from RsaWithoutOaepConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink where conf.hasFlowPath(source, sink) -select source, source, sink, - "This specification is used to initialize an RSA cipher without OAEP padding $@.", sink, "here" +select source, source, sink, "This specification is used to $@ without OAEP padding.", sink, + "initialize an RSA cipher" diff --git a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql index a12feeff766..3cfa2079685 100644 --- a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +++ b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql @@ -25,5 +25,5 @@ where sink.getNode().asExpr() = e and conf.hasFlowPath(source, sink) select m, source, sink, - "Sensitive method may not be executed depending on $@, which flows from $@.", e, "this condition", - source.getNode(), "user input" + "Sensitive method may not be executed depending on a $@, which flows from $@.", e, + "this condition", source.getNode(), "user-controlled value" diff --git a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql index 57f94615cc3..1251708ec5f 100644 --- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql @@ -66,4 +66,5 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, PermissionsConstruction p, TaintedPermissionsCheckFlowConfig conf where sink.getNode().asExpr() = p.getInput() and conf.hasFlowPath(source, sink) -select p, source, sink, "Permissions check uses user-controlled $@.", source.getNode(), "data" +select p, source, sink, "Permissions check depends on a $@.", source.getNode(), + "user-controlled value" diff --git a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql index c787aa60d01..06fc54ab22a 100644 --- a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, OgnlInjectionFlowConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "OGNL expression might include data from $@.", - source.getNode(), "this user input" +select sink.getNode(), source, sink, "OGNL Expression Language statement depends on a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql index af423052396..604dd366513 100644 --- a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +++ b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, RequestForgeryConfiguration conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Potential server-side request forgery due to $@.", - source.getNode(), "a user-provided value" +select sink.getNode(), source, sink, "Potential server-side request forgery due to a $@.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp index e489e411379..3fda3697dfa 100644 --- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp +++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp @@ -26,7 +26,7 @@ Otherwise, a third-party application could impersonate the system this way to ca

    -In the onReceive method of a BroadcastReciever, the action of the received Intent should be checked. The following code demonstrates this. +In the onReceive method of a BroadcastReceiver, the action of the received Intent should be checked. The following code demonstrates this.

    diff --git a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql index 51c54e288ac..605fabc25b5 100644 --- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql @@ -15,5 +15,5 @@ import semmle.code.java.security.ImproperIntentVerificationQuery from AndroidReceiverXmlElement reg, Method orm, SystemActionName sa where unverifiedSystemReceiver(reg, orm, sa) -select orm, "This reciever doesn't verify intents it receives, and is registered $@ to receive $@.", - reg, "here", sa, "the system action " + sa.getName() +select orm, "This reciever doesn't verify intents it receives, and $@ to receive $@.", reg, + "it is registered", sa, "the system action " + sa.getName() diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp new file mode 100644 index 00000000000..5c044d84b5b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp @@ -0,0 +1,58 @@ + + + +

    The Android manifest file specifies the content providers for the application +using provider elements. The provider element +specifies the explicit permissions an application requires in order to access a +resource using that provider. + + You specify the permissions using + the android:readPermission, android:writePermission, + or android:permission attributes. +If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. + For example, if you specify only android:readPermission, the application must have explicit permission to read data, but requires no permission to write data. +

    + +     + + +

    To prevent permission bypass, you should create provider elements that either + specify both the android:readPermission + and android:writePermission attributes, or specify + the android:permission attribute. +

    +     + + + +

    In the following two (bad) examples, the provider is configured with only + read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.

    + + + + + +

    In the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.

    + + + + +     + + +
  • + Android Documentation: + Provider element +
    • +
  • + CVE-2021-41166: Insufficient + permission control in Nextcloud Android app +
    • +
  • + GitHub Security Lab Research: + Insufficient permission control in Nextcloud Android app +
    • +     +     diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql new file mode 100644 index 00000000000..a8c6cb99131 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql @@ -0,0 +1,21 @@ +/** + * @name Missing read or write permission in a content provider + * @description Android content providers which do not configure both read and write permissions can allow permission bypass. + * @kind problem + * @problem.severity warning + * @security-severity 8.2 + * @id java/android/incomplete-provider-permissions + * @tags security + * external/cwe/cwe-926 + * @precision medium + */ + +import java +import semmle.code.xml.AndroidManifest + +from AndroidProviderXmlElement provider +where + not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and + provider.isExported() and + provider.hasIncompletePermissions() +select provider, "Exported provider has incomplete permissions." diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml new file mode 100644 index 00000000000..95dbb0a92f3 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml new file mode 100644 index 00000000000..278dbb1bb0b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml new file mode 100644 index 00000000000..1154c6e7534 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml @@ -0,0 +1,13 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml new file mode 100644 index 00000000000..1428c6f1d03 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql b/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql index 4d8056f68cd..58eb6300868 100644 --- a/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +++ b/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink where any(ImplicitPendingIntentStartConf conf).hasFlowPath(source, sink) select sink.getNode(), source, sink, - "An implicit Intent is created $@ and sent to an unspecified third party through a PendingIntent.", - source.getNode(), "here" + "$@ and sent to an unspecified third party through a PendingIntent.", source.getNode(), + "An implicit Intent is created" diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql index 0042fbad694..c8ebb3e61f4 100644 --- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from SensitiveCommunicationConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This call may leak sensitive information from $@.", - source.getNode(), "here" +select sink.getNode(), source, sink, "This call may leak $@.", source.getNode(), + "sensitive information" diff --git a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql index 03d99a6f211..1ace2fc4fcc 100644 --- a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +++ b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, IntentRedirectionConfiguration conf where conf.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "Arbitrary Android activities or services can be started from $@.", source.getNode(), - "this user input" + "Arbitrary Android activities or services can be started from a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index eaf88555444..c3e11d4b9bc 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -69,7 +69,7 @@ class ExternalApi extends Callable { /** Holds if this API has a supported summary. */ predicate hasSummary() { - this instanceof SummarizedCallable or + this = any(SummarizedCallable sc).asCallable() or TaintTracking::localAdditionalTaintStep(this.getAnInput(), _) } @@ -105,29 +105,40 @@ deprecated class ExternalAPI = ExternalApi; int resultLimit() { result = 1000 } /** - * Holds if the relevant usage count of `api` is `usages`. + * Holds if it is relevant to count usages of `api`. */ -signature predicate relevantUsagesSig(ExternalApi api, int usages); +signature predicate relevantApi(ExternalApi api); /** * Given a predicate to count relevant API usages, this module provides a predicate * for restricting the number or returned results based on a certain limit. */ -module Results { - private int getOrder(ExternalApi api) { - api = - rank[result](ExternalApi a, int usages | - getRelevantUsages(a, usages) +module Results { + private int getUsages(string apiName) { + result = + strictcount(Call c, ExternalApi api | + c.getCallee().getSourceDeclaration() = api and + not c.getFile() instanceof GeneratedFile and + apiName = api.getApiName() and + getRelevantUsages(api) + ) + } + + private int getOrder(string apiInfo) { + apiInfo = + rank[result](string info, int usages | + usages = getUsages(info) | - a order by usages desc, a.getApiName() + info order by usages desc, info ) } /** - * Holds if `api` is being used `usages` times and if it is - * in the top results (guarded by resultLimit). + * Holds if there exists an API with `apiName` that is being used `usages` times + * and if it is in the top results (guarded by resultLimit). */ - predicate restrict(ExternalApi api, int usages) { - getRelevantUsages(api, usages) and getOrder(api) <= resultLimit() + predicate restrict(string apiName, int usages) { + usages = getUsages(apiName) and + getOrder(apiName) <= resultLimit() } } diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql index 26bdc4a4ba3..7593adeed2a 100644 --- a/java/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSink() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.isSink() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/SupportedExternalSources.ql b/java/ql/src/Telemetry/SupportedExternalSources.ql index 3708e6ffbdb..89f9b37cb55 100644 --- a/java/ql/src/Telemetry/SupportedExternalSources.ql +++ b/java/ql/src/Telemetry/SupportedExternalSources.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSource() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.isSource() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/SupportedExternalTaint.ql b/java/ql/src/Telemetry/SupportedExternalTaint.ql index f6e651204cf..3f995138812 100644 --- a/java/ql/src/Telemetry/SupportedExternalTaint.ql +++ b/java/ql/src/Telemetry/SupportedExternalTaint.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.hasSummary() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.hasSummary() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql index a6666637f16..16871f87a53 100644 --- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -11,17 +11,12 @@ import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl import semmle.code.java.dataflow.internal.NegativeSummary import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and not api.isSupported() and - not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + not api = any(FlowSummaryImpl::Public::NegativeSummarizedCallable nsc).asCallable() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql b/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql index 3e1d7cfd135..ba41a309a46 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql +++ b/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql @@ -86,6 +86,5 @@ where ) and // Exclude special VM classes. not isVMObserver(f.getDeclaringType()) -select f, - "The field '" + f.getName() + "' is never explicitly assigned a value, yet it is read $@.", fr, - "here" +select f, "The field '" + f.getName() + "' is never explicitly assigned a value, yet $@.", fr, + "the field is read" diff --git a/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql b/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql index 62bea618610..dbed42872c9 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql +++ b/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql @@ -29,6 +29,4 @@ where // Rules about catch clauses belong in an exception handling query not exceptionVariable(ve) and not enhancedForVariable(ve) -select v, - "Unused local variable " + v.getName() + - ". The variable is never read or written to and should be removed." +select v, "Variable " + v.getName() + " is not used." diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql index 8fe3d4e6ba6..9f24744fa0c 100644 --- a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql @@ -120,8 +120,12 @@ predicate exposesByStore(Callable c, Field f, Expr why, string whyText) { from Callable c, Field f, Expr why, string whyText where - exposesByReturn(c, f, why, whyText) or - exposesByStore(c, f, why, whyText) + ( + exposesByReturn(c, f, why, whyText) or + exposesByStore(c, f, why, whyText) + ) and + // Kotlin properties expose internal representation, but it's not accidental, so ignore them + not exists(Property p | p.getBackingField() = f) select c, c.getName() + " exposes the internal representation stored in field " + f.getName() + ". The value may be modified $@.", why.getLocation(), whyText diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql b/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql index a786facaa1b..faf64b0ae5e 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql @@ -12,6 +12,7 @@ */ import java +private import semmle.code.java.frameworks.android.Compose class VisibleInstanceField extends Field { VisibleInstanceField() { @@ -28,6 +29,8 @@ where masked.getName() = masking.getName() and // Exclude intentional masking. not exists(VarAccess va | va.getVariable() = masked | va.getQualifier() instanceof SuperAccess) and - type.fromSource() + type.fromSource() and + // Exclude live literal variables, which is generated code. + not masking.getInitializer() instanceof LiveLiteral select masking, "This field shadows another field called $@ in a superclass.", masked, masked.getName() diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql index 56038621a9a..3400110b3d6 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql @@ -23,4 +23,4 @@ where hasNext.getDeclaringType().getSourceDeclaration().getAnAncestor() = i and hasNext.hasName("hasNext") ) -select m, "next() called from within an Iterator method." +select m, "This calls 'next()' from within an Iterator method." diff --git a/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md b/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md new file mode 100644 index 00000000000..21c41265505 --- /dev/null +++ b/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. \ No newline at end of file diff --git a/java/ql/src/change-notes/2022-08-31-webview-dubugging.md b/java/ql/src/change-notes/2022-08-31-webview-dubugging.md deleted file mode 100644 index 8e6295efeb3..00000000000 --- a/java/ql/src/change-notes/2022-08-31-webview-dubugging.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds. \ No newline at end of file diff --git a/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md b/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md new file mode 100644 index 00000000000..bdbd092f037 --- /dev/null +++ b/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions. diff --git a/java/ql/src/change-notes/released/0.4.1.md b/java/ql/src/change-notes/released/0.4.1.md new file mode 100644 index 00000000000..0ac482407a7 --- /dev/null +++ b/java/ql/src/change-notes/released/0.4.1.md @@ -0,0 +1,11 @@ +## 0.4.1 + +### New Queries + +* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds. + +### Minor Analysis Improvements + +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. +* `PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally [submitted as part of an experimental query by @luchua-bc](https://github.com/github/codeql/pull/7286). +* The queries `java/path-injection`, `java/path-injection-local` and `java/zipslip` now use the sanitizers provided by `PathSanitizer.qll`. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 458bfbeccff..89fa3a87180 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.0 +lastReleaseVersion: 0.4.1 diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql index a48cba9894c..7b70a2e47d9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql @@ -203,5 +203,5 @@ class Log4jInjectionConfiguration extends TaintTracking::Configuration { from Log4jInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This $@ flows to a Log4j log entry.", source.getNode(), +select sink.getNode(), source, sink, "Log4j log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index 238f586ff21..dd23cfd5ff8 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -53,4 +53,4 @@ where sink.getNode().asExpr() = call.getQualifier() and any(RemoteUrlToOpenStreamFlowConfig c).hasFlowPath(source, sink) select call, source, sink, - "URL on which openStream is called may have been constructed from remote source" + "URL on which openStream is called may have been constructed from remote source." diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index e8ebabba3c6..fff9a3b3613 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -15,9 +15,32 @@ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.PathCreation import JFinalController -import experimental.semmle.code.java.PathSanitizer +import semmle.code.java.security.PathSanitizer import DataFlow::PathGraph +/** A complementary sanitizer that protects against path traversal using path normalization. */ +class PathNormalizeSanitizer extends MethodAccess { + PathNormalizeSanitizer() { + exists(RefType t | + t instanceof TypePath or + t.hasQualifiedName("kotlin.io", "FilesKt") + | + this.getMethod().getDeclaringType() = t and + this.getMethod().hasName("normalize") + ) + or + this.getMethod().getDeclaringType() instanceof TypeFile and + this.getMethod().hasName(["getCanonicalPath", "getCanonicalFile"]) + } +} + +/** A node with path normalization. */ +class NormalizedPathNode extends DataFlow::Node { + NormalizedPathNode() { + TaintTracking::localExprTaint(this.asExpr(), any(PathNormalizeSanitizer ma)) + } +} + class InjectFilePathConfig extends TaintTracking::Configuration { InjectFilePathConfig() { this = "InjectFilePathConfig" } @@ -31,7 +54,7 @@ class InjectFilePathConfig extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { exists(Type t | t = node.getType() | t instanceof BoxedType or t instanceof PrimitiveType) or - node instanceof PathTraversalSanitizer + node instanceof PathInjectionSanitizer } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.java b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.java new file mode 100644 index 00000000000..460f753a9dd --- /dev/null +++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.java @@ -0,0 +1,9 @@ +class Test { + public static void main(String[] args) { + String script = System.getenv("SCRIPTNAME"); + if (script != null) { + // BAD: The script to be executed is controlled by the user. + Runtime.getRuntime().exec(script); + } + } +} \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.qhelp b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.qhelp new file mode 100644 index 00000000000..a8b7508763c --- /dev/null +++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.qhelp @@ -0,0 +1,47 @@ + + + +

    Code that passes user input directly to Runtime.exec, or +some other library routine that executes a command, allows the +user to execute malicious code.

    + +     + + +

    If possible, use hard-coded string literals to specify the command to run +or library to load. Instead of passing the user input directly to the +process or library function, examine the user input and then choose +among hard-coded string literals.

    + +

    If the applicable libraries or commands cannot be determined at +compile time, then add code to verify that the user input string is +safe before using it.

    + +     + + +

    The following example shows code that takes a shell script that can be changed +maliciously by a user, and passes it straight to Runtime.exec +without examining it first.

    + + + +     + + +
  • +OWASP: +Command Injection. +
    • +
  • SEI CERT Oracle Coding Standard for Java: + IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method.
    • + + + + + +     +     diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql index d5ddc9af1d4..7915d8f2bce 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql @@ -21,5 +21,5 @@ import DataFlow::PathGraph // This is a clone of query `java/command-line-injection` that also includes experimental sinks. from DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg where execTainted(source, sink, execArg) -select execArg, source, sink, "$@ flows to here and is used in a command.", source.getNode(), - "User-provided value" +select execArg, source, sink, "This command line depends on a $@.", source.getNode(), + "user-provided value" diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql index 69175790af7..e176c513213 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql @@ -61,4 +61,4 @@ where not m.getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType and // `@RestController` inherits `@ResponseBody` internally so it should be ignored. not m.getDeclaringType() instanceof SpringRestController -select m, "This method may be vulnerable to spring view manipulation vulnerabilities" +select m, "This method may be vulnerable to spring view manipulation vulnerabilities." diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp index dadd20dfdb7..67d348dfdb3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp @@ -8,7 +8,7 @@ including invocation of methods available in the JVM.

    - An unrestricted view name manipulation vulnerability in Spring Framework could lead to attacker-controlled arbitary SpEL expressions being evaluated using attacker-controlled data, which may in turn allow an attacker to run arbitrary code. + An unrestricted view name manipulation vulnerability in Spring Framework could lead to attacker-controlled arbitrary SpEL expressions being evaluated using attacker-controlled data, which may in turn allow an attacker to run arbitrary code.

    Note: two related variants of this problem are detected by different queries, `java/spring-view-manipulation` and `java/spring-view-manipulation-implicit`. The first detects taint flow problems where the return types is always String. While the latter, `java/spring-view-manipulation-implicit` detects cases where the request mapping method has a non-string return type such as void. @@ -19,7 +19,7 @@

    In general, using user input to determine Spring view name should be avoided. If user input must be included in the expression, the controller can be annotated by - a @ReponseBody annotation. In this case, Spring Framework does not interpret + a @ResponseBody annotation. In this case, Spring Framework does not interpret it as a view name, but just returns this string in HTTP Response. The same applies to using a @RestController annotation on a class, as internally it inherits @ResponseBody.

    @@ -31,7 +31,7 @@

    - This can be easily prevented by using the ResponseBody annotation which marks the reponse is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a HttpServletResponse parameter to the method definition as shown in the example below. + This can be easily prevented by using the ResponseBody annotation which marks the response is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a HttpServletResponse parameter to the method definition as shown in the example below.

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql index fbc3e0536b1..5d259b63b14 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql @@ -23,4 +23,4 @@ private class HttpOnlyConfig extends WebContextParameter { from HttpOnlyConfig config where config.isHttpOnlySet() select config, - "httpOnly should be enabled in tomcat config file to help mitigate cross-site scripting (XSS) attacks" + "'httpOnly' should be enabled in tomcat config file to help mitigate cross-site scripting (XSS) attacks." diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql index 1c3615e2b3f..7327f2cebf2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql @@ -13,7 +13,7 @@ import java import semmle.code.java.controlflow.Guards import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking -import experimental.semmle.code.java.PathSanitizer +import semmle.code.java.security.PathSanitizer import AndroidWebResourceResponse import DataFlow::PathGraph @@ -24,7 +24,7 @@ class InsecureWebResourceResponseConfig extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink } - override predicate isSanitizer(DataFlow::Node node) { node instanceof PathTraversalSanitizer } + override predicate isSanitizer(DataFlow::Node node) { node instanceof PathInjectionSanitizer } } from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureWebResourceResponseConfig conf diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql index e897e367cb2..5ac93ffac2a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql @@ -107,4 +107,4 @@ from MethodAccess ma where isInsecureSslEndpoint(ma) and not isTestMethod(ma) -select ma, "LDAPS configuration allows insecure endpoint identification" +select ma, "LDAPS configuration allows insecure endpoint identification." diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp index 2b359faf1ed..9883a64bc7a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp @@ -23,7 +23,7 @@ then revocation checking is not going to happen.

    -

    An application should not disable the default revocationg checking mechanism +

    An application should not disable the default revocation checking mechanism unless it provides a custom revocation checker.

     diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql index c38cc39b126..c3af26f8ff4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql @@ -16,5 +16,4 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, DisabledRevocationCheckingConfig config where config.hasFlowPath(source, sink) -select source.getNode(), source, sink, "Revocation checking is disabled $@.", source.getNode(), - "here" +select source.getNode(), source, sink, "This disables revocation checking." diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp index 34240696b4d..6e9225f3b79 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp @@ -3,14 +3,14 @@

    Transport Layer Security (TLS) provides a number of security features such as -confidentiality, integrity, replay prevention and authenticatin. +confidentiality, integrity, replay prevention and authentication. There are several versions of TLS protocols. The latest is TLS 1.3. Unfortunately, older versions were found to be vulnerable to a number of attacks.

     -

    An application should use TLS 1.3. Currenlty, TLS 1.2 is also considered acceptable.

    +

    An application should use TLS 1.3. Currently, TLS 1.2 is also considered acceptable.

     diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql index 38d7144049d..3a1195d8a7c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql @@ -16,5 +16,5 @@ import DataFlow::PathGraph from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeTlsVersionConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ is unsafe", source.getNode(), +select sink.getNode(), source, sink, "$@ is unsafe.", source.getNode(), source.getNode().asExpr().(StringLiteral).getValue() diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp index b4c66b9ef00..e85a0aef371 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp @@ -3,7 +3,7 @@

    -Allowing users to freely choose the name of a class to instantiate could provide means to attack a vulnerable appplication. +Allowing users to freely choose the name of a class to instantiate could provide means to attack a vulnerable application.

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql index 1bbb1b71ab4..b9a41ba0271 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql @@ -21,4 +21,4 @@ where c.getNameValue() = "struts.devMode" and c.getValueValue() = "true" and not isLikelyDemoProject(c.getFile().getRelativePath()) -select c, "Enabling development mode in production environments is dangerous" +select c, "Enabling development mode in production environments is dangerous." diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp index 02ee7d7dab1..67d1a89f8fa 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp @@ -50,7 +50,7 @@ whose methods use only primitive types and strings:

    -The next example shows how to set a deserilization filter for a remote object: +The next example shows how to set a deserialization filter for a remote object:

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql index 751535ff7ca..2914ebd7be2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql @@ -55,4 +55,4 @@ private class UnsafeBeanInitMethod extends Method { from UnsafeBeanInitMethod method select method, - "Unsafe deserialization in a Spring exporter bean '" + method.getBeanIdentifier() + "'" + "Unsafe deserialization in a Spring exporter bean '" + method.getBeanIdentifier() + "'." diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql index d7606587df3..c2a8721e643 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql @@ -17,4 +17,4 @@ import UnsafeSpringExporterLib from SpringBean bean where isRemoteInvocationSerializingExporter(bean.getClass()) -select bean, "Unsafe deserialization in a Spring exporter bean '" + bean.getBeanIdentifier() + "'" +select bean, "Unsafe deserialization in a Spring exporter bean '" + bean.getBeanIdentifier() + "'." diff --git a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql index 1ef4fb4d1f6..e4bc4b8912f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql @@ -47,4 +47,4 @@ class DirectoryListingInitParam extends WebXmlElement { from DirectoryListingInitParam initp where initp.isListingEnabled() -select initp, "Directory listing should be disabled to mitigate filename and path disclosure" +select initp, "Directory listing should be disabled to mitigate filename and path disclosure." diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql index 138f07455f1..e7c70a695b6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql @@ -15,7 +15,7 @@ import UnsafeUrlForward import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import experimental.semmle.code.java.frameworks.Jsf -import experimental.semmle.code.java.PathSanitizer +import semmle.code.java.security.PathSanitizer import DataFlow::PathGraph class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration { @@ -37,7 +37,7 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof UnsafeUrlForwardSanitizer or - node instanceof PathTraversalSanitizer + node instanceof PathInjectionSanitizer } override DataFlow::FlowFeature getAFeature() { diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql index 809c5e5e17d..f3ab1f166e7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql @@ -75,5 +75,5 @@ class UncaughtServletExceptionConfiguration extends TaintTracking::Configuration from DataFlow::PathNode source, DataFlow::PathNode sink, UncaughtServletExceptionConfiguration c where c.hasFlowPath(source, sink) and not hasErrorPage() -select sink.getNode(), source, sink, "$@ flows to here and can throw uncaught exception.", - source.getNode(), "User-provided value" +select sink.getNode(), source, sink, "This value depends on a $@ and can throw uncaught exception.", + source.getNode(), "user-provided value" diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialization.java similarity index 100% rename from java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java rename to java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialization.java diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitialization.java similarity index 100% rename from java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java rename to java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitialization.java diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp index c74d5a9d4b4..51e36dc830c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp @@ -6,7 +6,7 @@

    For special use cases some applications may implement a custom service which handles JMX-RMI connections.

    -

    When creating such a custom service, a developer should pass a certain environment configuration to the JMX-RMI server initalisation, +

    When creating such a custom service, a developer should pass a certain environment configuration to the JMX-RMI server initialization, as otherwise the JMX-RMI service is susceptible to an unsafe deserialization vulnerability.

    This is because the JMX-RMI service allows attackers to supply arbitrary objects to the service authentication @@ -41,11 +41,11 @@ For this reason an initialization with a null environment is also v

    The first example shows how an JMX server is initialized securely with the JMXConnectorServerFactory.newJMXConnectorServer() call.

    - +

    The second example shows how a JMX Server is initialized securely if the RMIConnectorServer class is used.

    - +     diff --git a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql index 192aa8d4fa0..662a1f0f495 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql @@ -90,4 +90,4 @@ class HostVerificationMethodAccess extends MethodAccess { from UriGetHostMethod um, MethodAccess uma, HostVerificationMethodAccess hma where hma.getQualifier() = uma and uma.getMethod() = um -select hma, "Method has potentially $@ ", hma.getArgument(0), "improper URL verification" +select hma, "Method has potentially $@.", hma.getArgument(0), "improper URL verification" diff --git a/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll b/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll deleted file mode 100644 index 768d35504f7..00000000000 --- a/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll +++ /dev/null @@ -1,222 +0,0 @@ -import java -private import semmle.code.java.controlflow.Guards -private import semmle.code.java.dataflow.FlowSources -private import semmle.code.java.dataflow.ExternalFlow - -/** - * DEPRECATED: Use `PathTraversalSanitizer` instead. - * - * A barrier guard that protects against path traversal vulnerabilities. - */ -abstract deprecated class PathTraversalBarrierGuard extends DataFlow::BarrierGuard { } - -/** A sanitizer that protects against path traversal vulnerabilities. */ -abstract class PathTraversalSanitizer extends DataFlow::Node { } - -/** - * Holds if `g` is guard that compares a string to a trusted value. - */ -private predicate exactStringPathMatchGuard(Guard g, Expr e, boolean branch) { - exists(MethodAccess ma | - ma = g and - ma.getMethod().getDeclaringType() instanceof TypeString and - ma.getMethod().getName() = ["equals", "equalsIgnoreCase"] and - e = ma.getQualifier() and - branch = true - ) -} - -private class ExactStringPathMatchSanitizer extends PathTraversalSanitizer { - ExactStringPathMatchSanitizer() { - this = DataFlow::BarrierGuard::getABarrierNode() - } -} - -/** - * Given input `e` = `v.method1(...).method2(...)...`, returns `v` where `v` is a `VarAccess`. - * - * This is used to look through field accessors such as `uri.getPath()`. - */ -private Expr getUnderlyingVarAccess(Expr e) { - result = getUnderlyingVarAccess(e.(MethodAccess).getQualifier()) - or - result = e.(VarAccess) -} - -private class AllowListGuard extends Guard instanceof MethodAccess { - AllowListGuard() { - (isStringPartialMatch(this) or isPathPartialMatch(this)) and - not isDisallowedWord(super.getAnArgument()) - } - - Expr getCheckedExpr() { result = getUnderlyingVarAccess(super.getQualifier()) } -} - -/** - * Holds if `g` is a guard that considers a path safe because it is checked against an allowlist of partial trusted values. - * This requires additional protection against path traversal, either another guard (`PathTraversalGuard`) - * or a sanitizer (`PathNormalizeSanitizer`), to ensure any internal `..` components are removed from the path. - */ -private predicate allowListGuard(Guard g, Expr e, boolean branch) { - e = g.(AllowListGuard).getCheckedExpr() and - branch = true and - ( - // Either a path normalization sanitizer comes before the guard, - exists(PathNormalizeSanitizer sanitizer | DataFlow::localExprFlow(sanitizer, e)) - or - // or a check like `!path.contains("..")` comes before the guard - exists(PathTraversalGuard previousGuard | - DataFlow::localExprFlow(previousGuard.getCheckedExpr(), e) and - previousGuard.controls(g.getBasicBlock().(ConditionBlock), false) - ) - ) -} - -private class AllowListSanitizer extends PathTraversalSanitizer { - AllowListSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() } -} - -/** - * Holds if `g` is a guard that considers a path safe because it is checked for `..` components, having previously - * been checked for a trusted prefix. - */ -private predicate dotDotCheckGuard(Guard g, Expr e, boolean branch) { - e = g.(PathTraversalGuard).getCheckedExpr() and - branch = false and - // The same value has previously been checked against a list of allowed prefixes: - exists(AllowListGuard previousGuard | - DataFlow::localExprFlow(previousGuard.getCheckedExpr(), e) and - previousGuard.controls(g.getBasicBlock().(ConditionBlock), true) - ) -} - -private class DotDotCheckSanitizer extends PathTraversalSanitizer { - DotDotCheckSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() } -} - -private class BlockListGuard extends Guard instanceof MethodAccess { - BlockListGuard() { - (isStringPartialMatch(this) or isPathPartialMatch(this)) and - isDisallowedWord(super.getAnArgument()) - } - - Expr getCheckedExpr() { result = getUnderlyingVarAccess(super.getQualifier()) } -} - -/** - * Holds if `g` is a guard that considers a string safe because it is checked against a blocklist of known dangerous values. - * This requires a prior check for URL encoding concealing a forbidden value, either a guard (`UrlEncodingGuard`) - * or a sanitizer (`UrlDecodeSanitizer`). - */ -private predicate blockListGuard(Guard g, Expr e, boolean branch) { - e = g.(BlockListGuard).getCheckedExpr() and - branch = false and - ( - // Either `e` has been URL decoded: - exists(UrlDecodeSanitizer sanitizer | DataFlow::localExprFlow(sanitizer, e)) - or - // or `e` has previously been checked for URL encoding sequences: - exists(UrlEncodingGuard previousGuard | - DataFlow::localExprFlow(previousGuard.getCheckedExpr(), e) and - previousGuard.controls(g.getBasicBlock(), false) - ) - ) -} - -private class BlockListSanitizer extends PathTraversalSanitizer { - BlockListSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() } -} - -/** - * Holds if `g` is a guard that considers a string safe because it is checked for URL encoding sequences, - * having previously been checked against a block-list of forbidden values. - */ -private predicate urlEncodingGuard(Guard g, Expr e, boolean branch) { - e = g.(UrlEncodingGuard).getCheckedExpr() and - branch = false and - exists(BlockListGuard previousGuard | - DataFlow::localExprFlow(previousGuard.getCheckedExpr(), e) and - previousGuard.controls(g.getBasicBlock(), false) - ) -} - -private class UrlEncodingSanitizer extends PathTraversalSanitizer { - UrlEncodingSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() } -} - -/** - * Holds if `ma` is a call to a method that checks a partial string match. - */ -private predicate isStringPartialMatch(MethodAccess ma) { - ma.getMethod().getDeclaringType() instanceof TypeString and - ma.getMethod().getName() = - ["contains", "startsWith", "matches", "regionMatches", "indexOf", "lastIndexOf"] -} - -/** - * Holds if `ma` is a call to a method of `java.nio.file.Path` that checks a partial path match. - */ -private predicate isPathPartialMatch(MethodAccess ma) { - ma.getMethod().getDeclaringType() instanceof TypePath and - ma.getMethod().getName() = "startsWith" -} - -private predicate isDisallowedWord(CompileTimeConstantExpr word) { - word.getStringValue().matches(["%WEB-INF%", "%META-INF%", "%..%"]) -} - -/** A complementary guard that protects against path traversal, by looking for the literal `..`. */ -class PathTraversalGuard extends Guard instanceof MethodAccess { - PathTraversalGuard() { - super.getMethod().getDeclaringType() instanceof TypeString and - super.getMethod().hasName(["contains", "indexOf"]) and - super.getAnArgument().(CompileTimeConstantExpr).getStringValue() = ".." - } - - Expr getCheckedExpr() { result = getUnderlyingVarAccess(super.getQualifier()) } -} - -/** A complementary sanitizer that protects against path traversal using path normalization. */ -private class PathNormalizeSanitizer extends MethodAccess { - PathNormalizeSanitizer() { - this.getMethod().getDeclaringType().hasQualifiedName("java.nio.file", "Path") and - this.getMethod().hasName("normalize") - } -} - -/** A complementary guard that protects against double URL encoding, by looking for the literal `%`. */ -private class UrlEncodingGuard extends Guard instanceof MethodAccess { - UrlEncodingGuard() { - super.getMethod().getDeclaringType() instanceof TypeString and - super.getMethod().hasName(["contains", "indexOf"]) and - super.getAnArgument().(CompileTimeConstantExpr).getStringValue() = "%" - } - - Expr getCheckedExpr() { result = super.getQualifier() } -} - -/** A complementary sanitizer that protects against double URL encoding using URL decoding. */ -private class UrlDecodeSanitizer extends MethodAccess { - UrlDecodeSanitizer() { - this.getMethod().getDeclaringType().hasQualifiedName("java.net", "URLDecoder") and - this.getMethod().hasName("decode") - } -} - -/** A node with path normalization. */ -class NormalizedPathNode extends DataFlow::Node { - NormalizedPathNode() { - TaintTracking::localExprTaint(this.asExpr(), any(PathNormalizeSanitizer ma)) - } -} - -/** Data model related to `java.nio.file.Path`. */ -private class PathDataModel extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "java.nio.file;Paths;true;get;;;Argument[0];ReturnValue;taint;manual", - "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 5f93a953ea6..d74415382a4 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.4.1-dev +version: 0.4.2-dev groups: - java - queries diff --git a/java/ql/src/utils/model-generator/internal/CaptureModels.qll b/java/ql/src/utils/model-generator/internal/CaptureModels.qll index 82c6fbd1bbb..82ac94c8fc4 100644 --- a/java/ql/src/utils/model-generator/internal/CaptureModels.qll +++ b/java/ql/src/utils/model-generator/internal/CaptureModels.qll @@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) { * A TaintTracking Configuration used for tracking flow through APIs. * The sources are the parameters of the API and the fields of the enclosing type. * - * This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field) + * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) * into an existing known sink (then the API itself becomes a sink). */ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific { diff --git a/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql b/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql index 5b9bc077dba..1d414f1c9d9 100644 --- a/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql +++ b/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql @@ -20,6 +20,8 @@ class UsedInSource extends GeneratedDeclaration { this = any(RefType t | t.fromSource()) or this = any(TypeAccess ta | ta.fromSource()) + or + this = any(Annotation a | a.getAnnotatedElement().fromSource()).getType() ) } } diff --git a/java/ql/src/utils/stub-generator/Stubs.qll b/java/ql/src/utils/stub-generator/Stubs.qll index 99fa978b9d5..5c04dee0090 100644 --- a/java/ql/src/utils/stub-generator/Stubs.qll +++ b/java/ql/src/utils/stub-generator/Stubs.qll @@ -16,7 +16,8 @@ abstract private class GeneratedType extends ClassOrInterface { } private string stubKeyword() { - this instanceof Interface and result = "interface" + this instanceof Interface and + (if this instanceof AnnotationType then result = "@interface" else result = "interface") or this instanceof Class and (if this instanceof EnumType then result = "enum" else result = "class") @@ -27,19 +28,32 @@ abstract private class GeneratedType extends ClassOrInterface { } private string stubStaticModifier() { - if this.isStatic() then result = "static " else result = "" + if this.(NestedType).isStatic() then result = "static " else result = "" } private string stubAccessibilityModifier() { if this.isPublic() then result = "public " else result = "" } + private string stubAnnotations() { + if exists(this.(AnnotationType).getAnAnnotation()) + then + result = + concat(Annotation an | + this.(AnnotationType).getAnAnnotation() = an + | + stubAnnotation(an), "\n" order by an.getType().getQualifiedName() + ) + "\n" + else result = "" + } + /** Gets the entire Java stub code for this type. */ final string getStub() { result = - this.stubAbstractModifier() + this.stubStaticModifier() + this.stubAccessibilityModifier() + - this.stubKeyword() + " " + this.getName() + stubGenericArguments(this, true) + - this.stubBaseTypesString() + "\n{\n" + this.stubMembers() + "}" + this.stubAnnotations() + this.stubAbstractModifier() + this.stubStaticModifier() + + this.stubAccessibilityModifier() + this.stubKeyword() + " " + this.getName() + + stubGenericArguments(this, true) + this.stubBaseTypesString() + "\n{\n" + this.stubMembers() + + "}" } private RefType getAnInterestingBaseType() { @@ -60,7 +74,9 @@ abstract private class GeneratedType extends ClassOrInterface { else cls = "" ) and ( - if exists(this.getAnInterestingBaseType().(Interface)) + if + exists(this.getAnInterestingBaseType().(Interface)) and + not this instanceof AnnotationType then ( (if this instanceof Class then int_kw = " implements " else int_kw = " extends ") and interface = concat(stubTypeName(this.getAnInterestingBaseType().(Interface)), ", ") @@ -96,15 +112,14 @@ abstract private class GeneratedType extends ClassOrInterface { } final Type getAGeneratedType() { - result = this.getAnInterestingBaseType() - or - result = this.getAGeneratedMember().(Callable).getReturnType() - or - result = this.getAGeneratedMember().(Callable).getAParameter().getType() - or - result = this.getAGeneratedMember().(Field).getType() - or - result = this.getAGeneratedMember().(NestedType) + result = this.getAnInterestingBaseType() or + result = this.getAGeneratedMember().(Callable).getReturnType() or + result = this.getAGeneratedMember().(Callable).getAParameter().getType() or + result = this.getAGeneratedMember().(Field).getType() or + result = this.getAGeneratedMember().(NestedType) or + result = this.(AnnotationType).getAnAnnotation().getType() or + result = this.(AnnotationType).getAnAnnotation().getValue(_).getType() or + result = this.(AnnotationType).getAnAnnotation().getAnArrayValue(_).getType() } } @@ -391,6 +406,47 @@ private string stubMember(Member m) { ) } +language[monotonicAggregates] +private string stubAnnotation(Annotation a) { + if exists(a.getValue(_)) + then + result = + "@" + a.getType().getName() + "(" + + concat(string name, Expr value | + value = a.getValue(name) + | + name + "=" + stubAnnotationValue(value), "," + ) + ")" + else result = "@" + a.getType().getName() +} + +language[monotonicAggregates] +private string stubAnnotationValue(Expr value) { + result = value.(FieldAccess).getField().getQualifiedName() + or + ( + value instanceof Literal or + value instanceof CompileTimeConstantExpr + ) and + if value instanceof StringLiteral + then result = "\"\"" + else result = stubDefaultValue(value.getType()) + or + result = stubAnnotation(value) + or + result = value.(TypeLiteral).getReferencedType().getName() + ".class" + or + value instanceof ArrayInit and + result = + "{" + + concat(int i, Expr arrayElement | + i >= 0 and + arrayElement = value.(ArrayInit).getInit(i) + | + stubAnnotationValue(arrayElement), "," order by i + ) + "}" +} + bindingset[s] private string indent(string s) { result = " " + s.replaceAll("\n", "\n ") + "\n" } diff --git a/java/ql/src/utils/stub-generator/makeStubs.py b/java/ql/src/utils/stub-generator/makeStubs.py index 17a5f4dcb41..6f668294701 100755 --- a/java/ql/src/utils/stub-generator/makeStubs.py +++ b/java/ql/src/utils/stub-generator/makeStubs.py @@ -99,8 +99,8 @@ else: dbDir = os.path.join(workDir, "db") -def print_javac_output(): - logFiles = glob.glob(os.path.join(dbDir, "log", "javac-output*")) +def print_javac_output(db_dir): + logFiles = glob.glob(os.path.join(db_dir, "log", "javac-output*")) if not(logFiles): print("\nNo javac output found.") @@ -124,7 +124,7 @@ def run(cmd): print("Stubbing qltest in", testDir) if run(['codeql', 'database', 'create', '--language=java', '--source-root='+projectDir, dbDir]): - print_javac_output() + print_javac_output(dbDir) print("codeql database create failed. Please fix up the test before proceeding.") exit(1) @@ -167,7 +167,9 @@ for (typ, stub) in results['#select']['tuples']: print("Verifying stub correctness") if run(['codeql', 'test', 'run', testDir]): - print_javac_output() + test_db_dir = glob.glob(os.path.join(testDir, "*.testproj")) + if test_db_dir: + print_javac_output(test_db_dir[0]) print('\nTest failed. You may need to fix up the generated stubs.') exit(1) diff --git a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected index 7af5593da99..7a6890d0b51 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected @@ -4201,1049 +4201,1049 @@ nodes | Log4jJndiInjectionTest.java:1121:63:1121:65 | map | semmle.label | map | subpaths #select -| Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1092:34:1092:36 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1092:34:1092:36 | map | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1120:43:1120:45 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1120:43:1120:45 | map | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | -| Log4jJndiInjectionTest.java:1121:63:1121:65 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1121:63:1121:65 | map | This $@ flows to a Log4j log entry. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1092:34:1092:36 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1092:34:1092:36 | map | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1120:43:1120:45 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1120:43:1120:45 | map | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | +| Log4jJndiInjectionTest.java:1121:63:1121:65 | map | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1121:63:1121:65 | map | Log4j log entry depends on a $@. | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) | user-provided value | diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected index 682993380af..befb327fc33 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected @@ -8,5 +8,5 @@ nodes | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | semmle.label | ... + ... | subpaths #select -| JSchOSInjectionTest.java:27:52:27:68 | ... + ... | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) | User-provided value | -| JSchOSInjectionTest.java:53:36:53:52 | ... + ... | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) | User-provided value | +| JSchOSInjectionTest.java:27:52:27:68 | ... + ... | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | This command line depends on a $@. | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) | user-provided value | +| JSchOSInjectionTest.java:53:36:53:52 | ... + ... | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | This command line depends on a $@. | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) | user-provided value | diff --git a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.expected b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.expected index f37e49e30e0..dfc8a0c7673 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.expected @@ -1,5 +1,5 @@ -| InsecureLdapEndpoint.java:19:9:19:92 | setProperty(...) | LDAPS configuration allows insecure endpoint identification | -| InsecureLdapEndpoint.java:50:9:50:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification | -| InsecureLdapEndpoint.java:68:9:68:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification | -| InsecureLdapEndpoint.java:84:9:84:94 | setProperty(...) | LDAPS configuration allows insecure endpoint identification | -| InsecureLdapEndpoint.java:102:9:102:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification | +| InsecureLdapEndpoint.java:19:9:19:92 | setProperty(...) | LDAPS configuration allows insecure endpoint identification. | +| InsecureLdapEndpoint.java:50:9:50:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification. | +| InsecureLdapEndpoint.java:68:9:68:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification. | +| InsecureLdapEndpoint.java:84:9:84:94 | setProperty(...) | LDAPS configuration allows insecure endpoint identification. | +| InsecureLdapEndpoint.java:102:9:102:40 | setProperties(...) | LDAPS configuration allows insecure endpoint identification. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.expected b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.expected index 5706b837682..fbb01566a18 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.expected @@ -15,4 +15,4 @@ nodes | DisabledRevocationChecking.java:28:33:28:36 | this <.field> [flag] : Boolean | semmle.label | this <.field> [flag] : Boolean | subpaths #select -| DisabledRevocationChecking.java:17:12:17:16 | false | DisabledRevocationChecking.java:17:12:17:16 | false : Boolean | DisabledRevocationChecking.java:28:33:28:36 | flag | Revocation checking is disabled $@. | DisabledRevocationChecking.java:17:12:17:16 | false | here | +| DisabledRevocationChecking.java:17:12:17:16 | false | DisabledRevocationChecking.java:17:12:17:16 | false : Boolean | DisabledRevocationChecking.java:28:33:28:36 | flag | This disables revocation checking. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.expected b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.expected index 63b20138c48..b6fc5960e2b 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.expected @@ -127,35 +127,35 @@ nodes | UnsafeTlsVersion.java:121:32:121:40 | protocols | semmle.label | protocols | subpaths #select -| UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | $@ is unsafe | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | SSL | -| UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | $@ is unsafe | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | SSLv2 | -| UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | $@ is unsafe | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | $@ is unsafe | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | TLS | -| UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | $@ is unsafe | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | $@ is unsafe | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:32:39:32:43 | "TLS" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:32:39:32:43 | "TLS" | TLS | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:50:38:50:61 | new String[] | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" : String | UnsafeTlsVersion.java:50:38:50:61 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:51:38:51:59 | new String[] | UnsafeTlsVersion.java:51:53:51:57 | "TLS" : String | UnsafeTlsVersion.java:51:38:51:59 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:51:53:51:57 | "TLS" | TLS | -| UnsafeTlsVersion.java:52:38:52:61 | new String[] | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" : String | UnsafeTlsVersion.java:52:38:52:61 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:53:38:53:63 | new String[] | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" : String | UnsafeTlsVersion.java:53:38:53:63 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:56:29:56:65 | new String[] | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" : String | UnsafeTlsVersion.java:56:29:56:65 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:69:21:69:25 | "TLS" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:69:21:69:25 | "TLS" | TLS | -| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:89:27:89:31 | "TLS" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:89:27:89:31 | "TLS" | TLS | -| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" | SSLv3 | -| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:109:21:109:25 | "TLS" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:109:21:109:25 | "TLS" | TLS | -| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" | TLSv1 | -| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" | TLSv1.1 | -| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | $@ is unsafe. | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | SSL | +| UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | $@ is unsafe. | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | SSLv2 | +| UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | $@ is unsafe. | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | $@ is unsafe. | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | TLS | +| UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | $@ is unsafe. | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | $@ is unsafe. | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:32:39:32:43 | "TLS" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:32:39:32:43 | "TLS" | TLS | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:50:38:50:61 | new String[] | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" : String | UnsafeTlsVersion.java:50:38:50:61 | new String[] | $@ is unsafe. | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:51:38:51:59 | new String[] | UnsafeTlsVersion.java:51:53:51:57 | "TLS" : String | UnsafeTlsVersion.java:51:38:51:59 | new String[] | $@ is unsafe. | UnsafeTlsVersion.java:51:53:51:57 | "TLS" | TLS | +| UnsafeTlsVersion.java:52:38:52:61 | new String[] | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" : String | UnsafeTlsVersion.java:52:38:52:61 | new String[] | $@ is unsafe. | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:53:38:53:63 | new String[] | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" : String | UnsafeTlsVersion.java:53:38:53:63 | new String[] | $@ is unsafe. | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:56:29:56:65 | new String[] | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" : String | UnsafeTlsVersion.java:56:29:56:65 | new String[] | $@ is unsafe. | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:69:21:69:25 | "TLS" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:69:21:69:25 | "TLS" | TLS | +| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:89:27:89:31 | "TLS" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:89:27:89:31 | "TLS" | TLS | +| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" | SSLv3 | +| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:109:21:109:25 | "TLS" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:109:21:109:25 | "TLS" | TLS | +| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" | TLSv1 | +| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" | TLSv1.1 | +| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe. | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" | TLSv1.1 | diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.expected b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.expected index 0c266dfaf7e..8b7b97b3c42 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.expected @@ -1,6 +1,6 @@ -| SpringExporterUnsafeDeserialization.java:14:24:14:47 | unsafeRmiServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeRmiServiceExporter' | -| SpringExporterUnsafeDeserialization.java:24:28:24:55 | unsafeHessianServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHessianServiceExporter' | -| SpringExporterUnsafeDeserialization.java:32:32:32:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter' | -| SpringExporterUnsafeDeserialization.java:40:41:40:88 | unsafeCustomeRemoteInvocationSerializingExporter | Unsafe deserialization in a Spring exporter bean '/unsafeCustomeRemoteInvocationSerializingExporter' | -| SpringExporterUnsafeDeserialization.java:56:32:56:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter' | -| SpringExporterUnsafeDeserialization.java:68:32:68:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter' | +| SpringExporterUnsafeDeserialization.java:14:24:14:47 | unsafeRmiServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeRmiServiceExporter'. | +| SpringExporterUnsafeDeserialization.java:24:28:24:55 | unsafeHessianServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHessianServiceExporter'. | +| SpringExporterUnsafeDeserialization.java:32:32:32:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter'. | +| SpringExporterUnsafeDeserialization.java:40:41:40:88 | unsafeCustomeRemoteInvocationSerializingExporter | Unsafe deserialization in a Spring exporter bean '/unsafeCustomeRemoteInvocationSerializingExporter'. | +| SpringExporterUnsafeDeserialization.java:56:32:56:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter'. | +| SpringExporterUnsafeDeserialization.java:68:32:68:63 | unsafeHttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean '/unsafeHttpInvokerServiceExporter'. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.expected b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.expected index ec7a06f8bfc..16ccc08ee4c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.expected @@ -1,4 +1,4 @@ -| beans.xml:10:5:13:12 | /unsafeBooking | Unsafe deserialization in a Spring exporter bean '/unsafeBooking' | -| beans.xml:15:5:18:12 | org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter' | -| beans.xml:20:5:24:12 | org.springframework.remoting.rmi.RmiServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.rmi.RmiServiceExporter' | -| beans.xml:26:5:29:12 | org.springframework.remoting.caucho.HessianServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.caucho.HessianServiceExporter' | +| beans.xml:10:5:13:12 | /unsafeBooking | Unsafe deserialization in a Spring exporter bean '/unsafeBooking'. | +| beans.xml:15:5:18:12 | org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter'. | +| beans.xml:20:5:24:12 | org.springframework.remoting.rmi.RmiServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.rmi.RmiServiceExporter'. | +| beans.xml:26:5:29:12 | org.springframework.remoting.caucho.HessianServiceExporter | Unsafe deserialization in a Spring exporter bean 'org.springframework.remoting.caucho.HessianServiceExporter'. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.expected b/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.expected index a8ad32b662b..c0db669a7d6 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.expected @@ -1 +1 @@ -| insecure-web.xml:16:9:19:22 | init-param | Directory listing should be disabled to mitigate filename and path disclosure | +| insecure-web.xml:16:9:19:22 | init-param | Directory listing should be disabled to mitigate filename and path disclosure. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java index 279764fba8b..ee63939b209 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java +++ b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java @@ -100,7 +100,10 @@ public class UnsafeServletRequestDispatch extends HttpServlet { } } - // BAD: Request dispatcher with negation check and path normalization, but without URL decoding + // FN: Request dispatcher with negation check and path normalization, but without URL decoding + // When promoting this query, consider using FlowStates to make `getRequestDispatcher` a sink + // only if a URL-decoding step has NOT been crossed (i.e. make URLDecoder.decode change the + // state to a different value than the one required at the sink). protected void doHead5(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String path = request.getParameter("path"); diff --git a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected index e227c58d7c7..11a8bc6c248 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected @@ -20,11 +20,6 @@ edges | UnsafeServletRequestDispatch.java:23:22:23:54 | getParameter(...) : String | UnsafeServletRequestDispatch.java:32:51:32:59 | returnURL | | UnsafeServletRequestDispatch.java:42:22:42:54 | getParameter(...) : String | UnsafeServletRequestDispatch.java:48:56:48:64 | returnURL | | UnsafeServletRequestDispatch.java:71:17:71:44 | getParameter(...) : String | UnsafeServletRequestDispatch.java:76:53:76:56 | path | -| UnsafeServletRequestDispatch.java:106:17:106:44 | getParameter(...) : String | UnsafeServletRequestDispatch.java:107:53:107:56 | path : String | -| UnsafeServletRequestDispatch.java:107:24:107:57 | resolve(...) : Path | UnsafeServletRequestDispatch.java:107:24:107:69 | normalize(...) : Path | -| UnsafeServletRequestDispatch.java:107:24:107:69 | normalize(...) : Path | UnsafeServletRequestDispatch.java:110:53:110:65 | requestedPath : Path | -| UnsafeServletRequestDispatch.java:107:53:107:56 | path : String | UnsafeServletRequestDispatch.java:107:24:107:57 | resolve(...) : Path | -| UnsafeServletRequestDispatch.java:110:53:110:65 | requestedPath : Path | UnsafeServletRequestDispatch.java:110:53:110:76 | toString(...) | | UnsafeUrlForward.java:13:27:13:36 | url : String | UnsafeUrlForward.java:14:27:14:29 | url | | UnsafeUrlForward.java:18:27:18:36 | url : String | UnsafeUrlForward.java:20:28:20:30 | url | | UnsafeUrlForward.java:25:21:25:30 | url : String | UnsafeUrlForward.java:26:23:26:25 | url | @@ -69,12 +64,6 @@ nodes | UnsafeServletRequestDispatch.java:48:56:48:64 | returnURL | semmle.label | returnURL | | UnsafeServletRequestDispatch.java:71:17:71:44 | getParameter(...) : String | semmle.label | getParameter(...) : String | | UnsafeServletRequestDispatch.java:76:53:76:56 | path | semmle.label | path | -| UnsafeServletRequestDispatch.java:106:17:106:44 | getParameter(...) : String | semmle.label | getParameter(...) : String | -| UnsafeServletRequestDispatch.java:107:24:107:57 | resolve(...) : Path | semmle.label | resolve(...) : Path | -| UnsafeServletRequestDispatch.java:107:24:107:69 | normalize(...) : Path | semmle.label | normalize(...) : Path | -| UnsafeServletRequestDispatch.java:107:53:107:56 | path : String | semmle.label | path : String | -| UnsafeServletRequestDispatch.java:110:53:110:65 | requestedPath : Path | semmle.label | requestedPath : Path | -| UnsafeServletRequestDispatch.java:110:53:110:76 | toString(...) | semmle.label | toString(...) | | UnsafeUrlForward.java:13:27:13:36 | url : String | semmle.label | url : String | | UnsafeUrlForward.java:14:27:14:29 | url | semmle.label | url | | UnsafeUrlForward.java:18:27:18:36 | url : String | semmle.label | url : String | @@ -106,7 +95,6 @@ subpaths | UnsafeServletRequestDispatch.java:32:51:32:59 | returnURL | UnsafeServletRequestDispatch.java:23:22:23:54 | getParameter(...) : String | UnsafeServletRequestDispatch.java:32:51:32:59 | returnURL | Potentially untrusted URL forward due to $@. | UnsafeServletRequestDispatch.java:23:22:23:54 | getParameter(...) | user-provided value | | UnsafeServletRequestDispatch.java:48:56:48:64 | returnURL | UnsafeServletRequestDispatch.java:42:22:42:54 | getParameter(...) : String | UnsafeServletRequestDispatch.java:48:56:48:64 | returnURL | Potentially untrusted URL forward due to $@. | UnsafeServletRequestDispatch.java:42:22:42:54 | getParameter(...) | user-provided value | | UnsafeServletRequestDispatch.java:76:53:76:56 | path | UnsafeServletRequestDispatch.java:71:17:71:44 | getParameter(...) : String | UnsafeServletRequestDispatch.java:76:53:76:56 | path | Potentially untrusted URL forward due to $@. | UnsafeServletRequestDispatch.java:71:17:71:44 | getParameter(...) | user-provided value | -| UnsafeServletRequestDispatch.java:110:53:110:76 | toString(...) | UnsafeServletRequestDispatch.java:106:17:106:44 | getParameter(...) : String | UnsafeServletRequestDispatch.java:110:53:110:76 | toString(...) | Potentially untrusted URL forward due to $@. | UnsafeServletRequestDispatch.java:106:17:106:44 | getParameter(...) | user-provided value | | UnsafeUrlForward.java:14:27:14:29 | url | UnsafeUrlForward.java:13:27:13:36 | url : String | UnsafeUrlForward.java:14:27:14:29 | url | Potentially untrusted URL forward due to $@. | UnsafeUrlForward.java:13:27:13:36 | url | user-provided value | | UnsafeUrlForward.java:20:28:20:30 | url | UnsafeUrlForward.java:18:27:18:36 | url : String | UnsafeUrlForward.java:20:28:20:30 | url | Potentially untrusted URL forward due to $@. | UnsafeUrlForward.java:18:27:18:36 | url | user-provided value | | UnsafeUrlForward.java:26:23:26:25 | url | UnsafeUrlForward.java:25:21:25:30 | url : String | UnsafeUrlForward.java:26:23:26:25 | url | Potentially untrusted URL forward due to $@. | UnsafeUrlForward.java:25:21:25:30 | url | user-provided value | diff --git a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected index 66e942a39e6..c06301e37fb 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected @@ -14,7 +14,7 @@ nodes | UncaughtServletException.java:76:22:76:27 | userId | semmle.label | userId | subpaths #select -| UncaughtServletException.java:14:44:14:45 | ip | UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | $@ flows to here and can throw uncaught exception. | UncaughtServletException.java:13:15:13:43 | getParameter(...) | User-provided value | -| UncaughtServletException.java:17:20:17:25 | userId | UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | $@ flows to here and can throw uncaught exception. | UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) | User-provided value | -| UncaughtServletException.java:55:45:55:46 | ip | UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | $@ flows to here and can throw uncaught exception. | UncaughtServletException.java:54:16:54:44 | getParameter(...) | User-provided value | -| UncaughtServletException.java:76:22:76:27 | userId | UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | $@ flows to here and can throw uncaught exception. | UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) | User-provided value | +| UncaughtServletException.java:14:44:14:45 | ip | UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | This value depends on a $@ and can throw uncaught exception. | UncaughtServletException.java:13:15:13:43 | getParameter(...) | user-provided value | +| UncaughtServletException.java:17:20:17:25 | userId | UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | This value depends on a $@ and can throw uncaught exception. | UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) | user-provided value | +| UncaughtServletException.java:55:45:55:46 | ip | UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | This value depends on a $@ and can throw uncaught exception. | UncaughtServletException.java:54:16:54:44 | getParameter(...) | user-provided value | +| UncaughtServletException.java:76:22:76:27 | userId | UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | This value depends on a $@ and can throw uncaught exception. | UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) | user-provided value | diff --git a/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.expected b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.expected new file mode 100644 index 00000000000..6b4abd0e1a4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.expected @@ -0,0 +1 @@ +| Generated.kt:0:0:0:0 | Generated | diff --git a/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.kt b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.kt new file mode 100644 index 00000000000..4aa496a1b7d --- /dev/null +++ b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.kt @@ -0,0 +1,3 @@ +// This file was auto generated by me + +class B \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.ql b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.ql new file mode 100644 index 00000000000..131acde1993 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/GeneratedFiles/Generated.ql @@ -0,0 +1,4 @@ +import java + +from GeneratedFile f +select f diff --git a/java/ql/test/kotlin/library-tests/GeneratedFiles/NonGenerated.kt b/java/ql/test/kotlin/library-tests/GeneratedFiles/NonGenerated.kt new file mode 100644 index 00000000000..4fd8af3f7a3 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/GeneratedFiles/NonGenerated.kt @@ -0,0 +1,3 @@ +// This file was not generated + +class A \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected index bee30f893cc..3d2fd34f0f5 100644 --- a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected @@ -676,7 +676,7 @@ generic_anonymous.kt: # 7| 0: [MethodAccess] getMember(...) # 7| -1: [MethodAccess] getX$private(...) # 7| -1: [ThisAccess] this -# 15| 3: [Class,GenericType,ParameterizedType] Outer +# 15| 4: [Class,GenericType,ParameterizedType] Outer #-----| -2: (Generic Parameters) # 15| 0: [TypeVariable] T0 # 15| 6: [Constructor] Outer @@ -944,6 +944,7 @@ local_anonymous.kt: # 21| 1: [Constructor] # 21| 5: [BlockStmt] { ... } # 21| 0: [SuperConstructorInvocationStmt] super(...) +# 21| 0: [IntegerLiteral] 1 # 21| 2: [Method] invoke #-----| 4: (Parameters) # 21| 0: [Parameter] a0 diff --git a/java/ql/test/kotlin/library-tests/classes/superTypes.expected b/java/ql/test/kotlin/library-tests/classes/superTypes.expected index f5b9cd025fc..31b8979e0b3 100644 --- a/java/ql/test/kotlin/library-tests/classes/superTypes.expected +++ b/java/ql/test/kotlin/library-tests/classes/superTypes.expected @@ -1,3 +1,109 @@ +extendsOrImplements +| classes.kt:2:1:2:18 | ClassOne | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:4:1:6:1 | ClassTwo | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:8:1:10:1 | ClassThree | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:12:1:15:1 | ClassFour | classes.kt:8:1:10:1 | ClassThree | extends | +| classes.kt:17:1:18:1 | ClassFive | classes.kt:12:1:15:1 | ClassFour | extends | +| classes.kt:20:1:22:1 | IF1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:24:1:26:1 | IF2 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:28:1:30:1 | ClassSix | classes.kt:12:1:15:1 | ClassFour | extends | +| classes.kt:28:1:30:1 | ClassSix | classes.kt:20:1:22:1 | IF1 | implements | +| classes.kt:28:1:30:1 | ClassSix | classes.kt:24:1:26:1 | IF2 | implements | +| classes.kt:34:1:47:1 | ClassSeven | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:49:1:51:1 | Direction | file:///Enum.class:0:0:0:0 | Enum | extends | +| classes.kt:53:1:57:1 | Color | file:///Enum.class:0:0:0:0 | Enum | extends | +| classes.kt:59:1:59:23 | Interface1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:60:1:60:23 | Interface2 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:61:1:61:26 | Interface3 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:63:1:91:1 | Class1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:66:20:66:54 | new Object(...) { ... } | classes.kt:59:1:59:23 | Interface1 | implements | +| classes.kt:66:20:66:54 | new Object(...) { ... } | classes.kt:60:1:60:23 | Interface2 | implements | +| classes.kt:68:20:68:74 | new Object(...) { ... } | classes.kt:59:1:59:23 | Interface1 | implements | +| classes.kt:68:20:68:74 | new Object(...) { ... } | classes.kt:60:1:60:23 | Interface2 | implements | +| classes.kt:68:20:68:74 | new Object(...) { ... } | file:///Interface3.class:0:0:0:0 | Interface3 | implements | +| classes.kt:72:16:77:10 | new Object(...) { ... } | classes.kt:59:1:59:23 | Interface1 | implements | +| classes.kt:72:16:77:10 | new Object(...) { ... } | classes.kt:60:1:60:23 | Interface2 | implements | +| classes.kt:75:24:75:33 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:81:16:81:38 | new Interface1(...) { ... } | classes.kt:59:1:59:23 | Interface1 | implements | +| classes.kt:85:16:85:25 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:89:16:89:44 | new Interface3(...) { ... } | file:///Interface3.class:0:0:0:0 | Interface3 | implements | +| classes.kt:93:1:93:26 | pulicClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:94:1:94:29 | privateClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:95:1:95:31 | internalClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:96:1:96:34 | noExplicitVisibilityClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:98:1:104:1 | nestedClassVisibilities | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:99:5:99:36 | pulicNestedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:100:5:100:43 | protectedNestedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:101:5:101:39 | privateNestedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:102:5:102:41 | internalNestedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:103:5:103:44 | noExplicitVisibilityNestedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:106:1:106:27 | sealedClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:107:1:107:23 | openClass | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:109:1:136:1 | C1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:111:9:113:9 | Local1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:118:9:123:9 | | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:119:13:121:13 | Local2 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:127:16:134:9 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:129:17:131:17 | Local3 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:138:1:148:1 | Cl0 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:140:9:146:9 | | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:141:13:145:13 | Cl1 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:150:1:156:1 | Cl00 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:151:5:155:5 | Cl01 | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:159:5:159:14 | X | file:///Object.class:0:0:0:0 | Object | extends | +| classes.kt:162:13:162:22 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| file:///C1$$Local3.class:0:0:0:0 | Local3 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///C1$Local1.class:0:0:0:0 | Local1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///C1$Local2.class:0:0:0:0 | Local2 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Interface3.class:0:0:0:0 | Interface3 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Interface3.class:0:0:0:0 | Interface3 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Outer$C0.class:0:0:0:0 | C0 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Outer$C0.class:0:0:0:0 | C0 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Outer$C1.class:0:0:0:0 | C1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Outer$C1.class:0:0:0:0 | C1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///Outer$C1.class:0:0:0:0 | C1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | extends | +| file:///SuperChain2.class:0:0:0:0 | SuperChain2 | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | extends | +| generic_anonymous.kt:1:1:9:1 | Generic | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:1:1:9:1 | Generic<> | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:3:19:5:3 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:3:19:5:3 | new Object(...) { ... }<> | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:15:1:33:1 | Outer | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:16:5:18:5 | C0 | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:20:5:22:5 | C1 | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:25:9:31:9 | | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:26:13:26:37 | new Object(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | implements | +| generic_anonymous.kt:26:13:26:37 | new Object(...) { ... } | file:///Outer$C1.class:0:0:0:0 | C1 | implements | +| generic_anonymous.kt:27:13:27:37 | new Object(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | implements | +| generic_anonymous.kt:27:13:27:37 | new Object(...) { ... } | file:///Outer$C1.class:0:0:0:0 | C1 | implements | +| generic_anonymous.kt:28:13:28:41 | new Object(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | implements | +| generic_anonymous.kt:28:13:28:41 | new Object(...) { ... } | file:///Outer$C1.class:0:0:0:0 | C1 | implements | +| generic_anonymous.kt:29:13:29:29 | new C0(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | implements | +| generic_anonymous.kt:30:13:30:33 | new C0(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | implements | +| localClassField.kt:1:1:11:1 | A | file:///Object.class:0:0:0:0 | Object | extends | +| localClassField.kt:3:9:3:19 | L | file:///Object.class:0:0:0:0 | Object | extends | +| localClassField.kt:8:9:8:19 | L | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:3:1:36:1 | Class1 | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:5:16:7:9 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:11:9:11:24 | | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:16:23:16:49 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | implements | +| local_anonymous.kt:16:23:16:49 | new Function2(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:17:23:17:49 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | implements | +| local_anonymous.kt:17:23:17:49 | new Function2(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:21:21:21:31 | new Function1(...) { ... } | file:///Function1.class:0:0:0:0 | Function1 | implements | +| local_anonymous.kt:21:21:21:31 | new Function1(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | extends | +| local_anonymous.kt:25:9:25:27 | LocalClass | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:29:31:35:5 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:38:1:38:23 | Interface2 | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:39:1:45:1 | Class2 | file:///Object.class:0:0:0:0 | Object | extends | +| local_anonymous.kt:40:14:44:5 | new Interface2(...) { ... } | local_anonymous.kt:38:1:38:23 | Interface2 | implements | +| superChain.kt:1:1:1:33 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | extends | +| superChain.kt:2:1:2:60 | SuperChain2 | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | extends | +| superChain.kt:3:1:3:60 | SuperChain3 | file:///SuperChain2.class:0:0:0:0 | SuperChain2 | extends | +#select | classes.kt:2:1:2:18 | ClassOne | file:///Object.class:0:0:0:0 | Object | | classes.kt:4:1:6:1 | ClassTwo | file:///Object.class:0:0:0:0 | Object | | classes.kt:8:1:10:1 | ClassThree | file:///Object.class:0:0:0:0 | Object | @@ -50,12 +156,17 @@ | file:///C1$Local1.class:0:0:0:0 | Local1 | file:///Object.class:0:0:0:0 | Object | | file:///C1$Local2.class:0:0:0:0 | Local2 | file:///Object.class:0:0:0:0 | Object | | file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | +| file:///Generic.class:0:0:0:0 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | | file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | +| file:///Generic.class:0:0:0:0 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | | file:///SuperChain2.class:0:0:0:0 | SuperChain2 | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | | generic_anonymous.kt:1:1:9:1 | Generic | file:///Object.class:0:0:0:0 | Object | +| generic_anonymous.kt:1:1:9:1 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | +| generic_anonymous.kt:1:1:9:1 | Generic<> | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:3:19:5:3 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | +| generic_anonymous.kt:3:19:5:3 | new Object(...) { ... }<> | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:15:1:33:1 | Outer | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:25:9:31:9 | | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:26:13:26:37 | new Object(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | diff --git a/java/ql/test/kotlin/library-tests/classes/superTypes.ql b/java/ql/test/kotlin/library-tests/classes/superTypes.ql index d36ae974d65..700540ce43b 100644 --- a/java/ql/test/kotlin/library-tests/classes/superTypes.ql +++ b/java/ql/test/kotlin/library-tests/classes/superTypes.ql @@ -16,3 +16,12 @@ where c.getSourceDeclaration().fromSource() and superType = c.getASupertype() select c, superType + +query predicate extendsOrImplements(ClassOrInterface c, Type superType, string kind) { + c.getSourceDeclaration().fromSource() and + ( + extendsReftype(c, superType) and kind = "extends" + or + implInterface(c, superType) and kind = "implements" + ) +} diff --git a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected new file mode 100644 index 00000000000..99312685a0e --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected @@ -0,0 +1,84 @@ +test.kt: +# 0| [CompilationUnit] test +# 1| 1: [Interface] Ann +# 1| 1: [Constructor] Ann +#-----| 4: (Parameters) +# 1| 0: [Parameter] arr1 +# 1| 0: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 1: [Parameter] arr2 +# 1| 0: [TypeAccess] int[] +# 1| 5: [BlockStmt] { ... } +# 1| 0: [SuperConstructorInvocationStmt] super(...) +# 1| 1: [BlockStmt] { ... } +# 1| 0: [ExprStmt] ; +# 1| 0: [KtInitializerAssignExpr] ...=... +# 1| 0: [VarAccess] arr1 +# 1| 1: [ExprStmt] ; +# 1| 0: [KtInitializerAssignExpr] ...=... +# 1| 0: [VarAccess] arr2 +# 1| 2: [Constructor] Ann +#-----| 4: (Parameters) +# 1| 0: [Parameter] p0 +# 1| 0: [TypeAccess] String[] +# 1| 1: [Parameter] p1 +# 1| 0: [TypeAccess] int[] +# 1| 2: [Parameter] p2 +# 1| 0: [TypeAccess] int +# 1| 3: [Parameter] p3 +# 1| 0: [TypeAccess] DefaultConstructorMarker +# 1| 5: [BlockStmt] { ... } +# 1| 0: [IfStmt] if (...) +# 1| 0: [EQExpr] ... == ... +# 1| 0: [AndBitwiseExpr] ... & ... +# 1| 0: [IntegerLiteral] 1 +# 1| 1: [VarAccess] p2 +# 1| 1: [IntegerLiteral] 0 +# 1| 1: [ExprStmt] ; +# 1| 0: [AssignExpr] ...=... +# 1| 0: [VarAccess] p0 +# 0| 1: [ArrayCreationExpr] new String[] +# 0| -2: [ArrayInit] {...} +# 0| 0: [StringLiteral] hello +# 0| 1: [StringLiteral] world +# 0| -1: [TypeAccess] String +# 0| 0: [IntegerLiteral] 2 +# 1| 1: [IfStmt] if (...) +# 1| 0: [EQExpr] ... == ... +# 1| 0: [AndBitwiseExpr] ... & ... +# 1| 0: [IntegerLiteral] 2 +# 1| 1: [VarAccess] p2 +# 1| 1: [IntegerLiteral] 0 +# 1| 1: [ExprStmt] ; +# 1| 0: [AssignExpr] ...=... +# 1| 0: [VarAccess] p1 +# 0| 1: [ArrayCreationExpr] new int[] +# 0| -2: [ArrayInit] {...} +# 0| 0: [IntegerLiteral] 1 +# 0| 1: [IntegerLiteral] 2 +# 0| 2: [IntegerLiteral] 3 +# 0| -1: [TypeAccess] int +# 0| 0: [IntegerLiteral] 3 +# 1| 2: [ThisConstructorInvocationStmt] this(...) +# 1| 0: [VarAccess] p0 +# 1| 1: [VarAccess] p1 +# 1| 3: [FieldDeclaration] String[] arr1; +# 1| -1: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 0: [VarAccess] arr1 +# 1| 4: [Method] arr1 +# 1| 3: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [VarAccess] this.arr1 +# 1| -1: [ThisAccess] this +# 1| 5: [Method] arr2 +# 1| 3: [TypeAccess] int[] +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [VarAccess] this.arr2 +# 1| -1: [ThisAccess] this +# 1| 6: [FieldDeclaration] int[] arr2; +# 1| -1: [TypeAccess] int[] +# 1| 0: [VarAccess] arr2 diff --git a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/collection-literals/test.kt b/java/ql/test/kotlin/library-tests/collection-literals/test.kt new file mode 100644 index 00000000000..615b296239a --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/test.kt @@ -0,0 +1 @@ +annotation class Ann(val arr1: Array = ["hello", "world"], val arr2: IntArray = [1, 2, 3]) { } diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/CONSISTENCY/javaEquivalent.expected new file mode 100644 index 00000000000..56758ed4c6b --- /dev/null +++ b/java/ql/test/kotlin/library-tests/controlflow/basic/CONSISTENCY/javaEquivalent.expected @@ -0,0 +1 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | diff --git a/java/ql/test/kotlin/library-tests/controlflow/dominance/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/controlflow/dominance/CONSISTENCY/javaEquivalent.expected new file mode 100644 index 00000000000..9451ac520c8 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/controlflow/dominance/CONSISTENCY/javaEquivalent.expected @@ -0,0 +1,2 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | diff --git a/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected index aa31626daeb..d52888544dc 100644 --- a/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected @@ -28,7 +28,48 @@ dc.kt: # 0| -3: [TypeAccess] ProtoMapValue # 0| 0: [VarAccess] bytes # 0| 1: [VarAccess] strs -# 0| 4: [Method] equals +# 0| 4: [Method] copy$default +# 0| 3: [TypeAccess] ProtoMapValue +#-----| 4: (Parameters) +# 0| 0: [Parameter] p0 +# 0| 0: [TypeAccess] ProtoMapValue +# 0| 1: [Parameter] p1 +# 0| 0: [TypeAccess] byte[] +# 0| 2: [Parameter] p2 +# 0| 0: [TypeAccess] String[] +# 0| 3: [Parameter] p3 +# 0| 0: [TypeAccess] int +# 0| 4: [Parameter] p4 +# 0| 0: [TypeAccess] Object +# 0| 5: [BlockStmt] { ... } +# 0| 0: [IfStmt] if (...) +# 0| 0: [EQExpr] ... == ... +# 0| 0: [AndBitwiseExpr] ... & ... +# 0| 0: [IntegerLiteral] 1 +# 0| 1: [VarAccess] p3 +# 0| 1: [IntegerLiteral] 0 +# 0| 1: [ExprStmt] ; +# 0| 0: [AssignExpr] ...=... +# 0| 0: [VarAccess] p1 +# 0| 1: [VarAccess] p0.bytes +# 0| -1: [VarAccess] p0 +# 0| 1: [IfStmt] if (...) +# 0| 0: [EQExpr] ... == ... +# 0| 0: [AndBitwiseExpr] ... & ... +# 0| 0: [IntegerLiteral] 2 +# 0| 1: [VarAccess] p3 +# 0| 1: [IntegerLiteral] 0 +# 0| 1: [ExprStmt] ; +# 0| 0: [AssignExpr] ...=... +# 0| 0: [VarAccess] p2 +# 0| 1: [VarAccess] p0.strs +# 0| -1: [VarAccess] p0 +# 0| 2: [ReturnStmt] return ... +# 0| 0: [MethodAccess] copy(...) +# 0| -1: [VarAccess] p0 +# 0| 0: [VarAccess] p1 +# 0| 1: [VarAccess] p2 +# 0| 5: [Method] equals # 0| 3: [TypeAccess] boolean #-----| 4: (Parameters) # 0| 0: [Parameter] other @@ -77,7 +118,7 @@ dc.kt: # 0| 0: [BooleanLiteral] false # 0| 5: [ReturnStmt] return ... # 0| 0: [BooleanLiteral] true -# 0| 5: [Method] hashCode +# 0| 6: [Method] hashCode # 0| 3: [TypeAccess] int # 0| 5: [BlockStmt] { ... } # 0| 0: [LocalVariableDeclStmt] var ...; @@ -89,17 +130,17 @@ dc.kt: # 0| 1: [ExprStmt] ; # 0| 0: [AssignExpr] ...=... # 0| 0: [VarAccess] result -# 0| 1: [MethodAccess] plus(...) -# 0| -1: [MethodAccess] times(...) -# 0| -1: [VarAccess] result -# 0| 0: [IntegerLiteral] 31 -# 0| 0: [MethodAccess] hashCode(...) +# 0| 1: [AddExpr] ... + ... +# 0| 0: [MulExpr] ... * ... +# 0| 0: [VarAccess] result +# 0| 1: [IntegerLiteral] 31 +# 0| 1: [MethodAccess] hashCode(...) # 0| -1: [TypeAccess] Arrays # 0| 0: [VarAccess] this.strs # 0| -1: [ThisAccess] this # 0| 2: [ReturnStmt] return ... # 0| 0: [VarAccess] result -# 0| 6: [Method] toString +# 0| 7: [Method] toString # 0| 3: [TypeAccess] String # 0| 5: [BlockStmt] { ... } # 0| 0: [ReturnStmt] return ... @@ -117,7 +158,7 @@ dc.kt: # 0| 0: [VarAccess] this.strs # 0| -1: [ThisAccess] this # 0| 6: [StringLiteral] ) -# 1| 7: [Constructor] ProtoMapValue +# 1| 8: [Constructor] ProtoMapValue #-----| 4: (Parameters) # 1| 0: [Parameter] bytes # 1| 0: [TypeAccess] byte[] @@ -133,20 +174,20 @@ dc.kt: # 1| 1: [ExprStmt] ; # 1| 0: [KtInitializerAssignExpr] ...=... # 1| 0: [VarAccess] strs -# 1| 8: [FieldDeclaration] byte[] bytes; +# 1| 9: [FieldDeclaration] byte[] bytes; # 1| -1: [TypeAccess] byte[] # 1| 0: [VarAccess] bytes -# 1| 9: [Method] getBytes +# 1| 10: [Method] getBytes # 1| 3: [TypeAccess] byte[] # 1| 5: [BlockStmt] { ... } # 1| 0: [ReturnStmt] return ... # 1| 0: [VarAccess] this.bytes # 1| -1: [ThisAccess] this -# 1| 10: [FieldDeclaration] String[] strs; +# 1| 11: [FieldDeclaration] String[] strs; # 1| -1: [TypeAccess] String[] # 1| 0: [TypeAccess] String # 1| 0: [VarAccess] strs -# 1| 11: [Method] getStrs +# 1| 12: [Method] getStrs # 1| 3: [TypeAccess] String[] # 1| 0: [TypeAccess] String # 1| 5: [BlockStmt] { ... } diff --git a/java/ql/test/kotlin/library-tests/data-classes/callees.expected b/java/ql/test/kotlin/library-tests/data-classes/callees.expected index 4c01e2402fa..f16c4ffb435 100644 --- a/java/ql/test/kotlin/library-tests/data-classes/callees.expected +++ b/java/ql/test/kotlin/library-tests/data-classes/callees.expected @@ -1,8 +1,7 @@ +| dc.kt:0:0:0:0 | copy(...) | ProtoMapValue.copy | | dc.kt:0:0:0:0 | hashCode(...) | java.util.Arrays.hashCode | | dc.kt:0:0:0:0 | hashCode(...) | java.util.Arrays.hashCode | | dc.kt:0:0:0:0 | new ProtoMapValue(...) | ProtoMapValue.ProtoMapValue | -| dc.kt:0:0:0:0 | plus(...) | kotlin.Int.plus | -| dc.kt:0:0:0:0 | times(...) | kotlin.Int.times | | dc.kt:0:0:0:0 | toString(...) | java.util.Arrays.toString | | dc.kt:0:0:0:0 | toString(...) | java.util.Arrays.toString | | dc.kt:1:1:1:71 | super(...) | java.lang.Object.Object | diff --git a/java/ql/test/kotlin/library-tests/enum/enumUser.kt b/java/ql/test/kotlin/library-tests/enum/enumUser.kt index a0b938cbb79..c684d2d1998 100644 --- a/java/ql/test/kotlin/library-tests/enum/enumUser.kt +++ b/java/ql/test/kotlin/library-tests/enum/enumUser.kt @@ -1 +1,3 @@ fun usesEnum(e: Enum<*>) = e.ordinal.toString() + e.name + +enum class E { A, B, C } diff --git a/java/ql/test/kotlin/library-tests/enum/test.expected b/java/ql/test/kotlin/library-tests/enum/test.expected index c410e68ddd2..abc7e2e87c7 100644 --- a/java/ql/test/kotlin/library-tests/enum/test.expected +++ b/java/ql/test/kotlin/library-tests/enum/test.expected @@ -1,3 +1,8 @@ +enumConstants +| enumUser.kt:3:16:3:17 | A | +| enumUser.kt:3:19:3:20 | B | +| enumUser.kt:3:22:3:22 | C | +#select | addAll | | addRange | | allOf | diff --git a/java/ql/test/kotlin/library-tests/enum/test.ql b/java/ql/test/kotlin/library-tests/enum/test.ql index b255cc61bd6..8d83314e5c3 100644 --- a/java/ql/test/kotlin/library-tests/enum/test.ql +++ b/java/ql/test/kotlin/library-tests/enum/test.ql @@ -3,3 +3,5 @@ import java from Method m where m.getDeclaringType().getName().matches("Enum%") select m.getName() + +query predicate enumConstants(EnumConstant ec) { ec.fromSource() } diff --git a/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected new file mode 100644 index 00000000000..a5d2f9c316b --- /dev/null +++ b/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected @@ -0,0 +1,59 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.dec in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.inc in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.inc in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.inc in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.inc in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.rangeTo in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.rangeTo in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | diff --git a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected index eab724a0c4d..ccecb3e5c48 100644 --- a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected @@ -1944,38 +1944,38 @@ exprs.kt: # 15| 1: [VarAccess] y # 16| 5: [LocalVariableDeclStmt] var ...; # 16| 1: [LocalVariableDeclExpr] i6 -# 16| 0: [MethodAccess] shl(...) -# 16| -1: [VarAccess] x -# 16| 0: [VarAccess] y +# 16| 0: [LShiftExpr] ... << ... +# 16| 0: [VarAccess] x +# 16| 1: [VarAccess] y # 17| 6: [LocalVariableDeclStmt] var ...; # 17| 1: [LocalVariableDeclExpr] i7 -# 17| 0: [MethodAccess] shr(...) -# 17| -1: [VarAccess] x -# 17| 0: [VarAccess] y +# 17| 0: [RShiftExpr] ... >> ... +# 17| 0: [VarAccess] x +# 17| 1: [VarAccess] y # 18| 7: [LocalVariableDeclStmt] var ...; # 18| 1: [LocalVariableDeclExpr] i8 -# 18| 0: [MethodAccess] ushr(...) -# 18| -1: [VarAccess] x -# 18| 0: [VarAccess] y +# 18| 0: [URShiftExpr] ... >>> ... +# 18| 0: [VarAccess] x +# 18| 1: [VarAccess] y # 19| 8: [LocalVariableDeclStmt] var ...; # 19| 1: [LocalVariableDeclExpr] i9 -# 19| 0: [MethodAccess] and(...) -# 19| -1: [VarAccess] x -# 19| 0: [VarAccess] y +# 19| 0: [AndBitwiseExpr] ... & ... +# 19| 0: [VarAccess] x +# 19| 1: [VarAccess] y # 20| 9: [LocalVariableDeclStmt] var ...; # 20| 1: [LocalVariableDeclExpr] i10 -# 20| 0: [MethodAccess] or(...) -# 20| -1: [VarAccess] x -# 20| 0: [VarAccess] y +# 20| 0: [OrBitwiseExpr] ... | ... +# 20| 0: [VarAccess] x +# 20| 1: [VarAccess] y # 21| 10: [LocalVariableDeclStmt] var ...; # 21| 1: [LocalVariableDeclExpr] i11 -# 21| 0: [MethodAccess] xor(...) -# 21| -1: [VarAccess] x -# 21| 0: [VarAccess] y +# 21| 0: [XorBitwiseExpr] ... ^ ... +# 21| 0: [VarAccess] x +# 21| 1: [VarAccess] y # 22| 11: [LocalVariableDeclStmt] var ...; # 22| 1: [LocalVariableDeclExpr] i12 -# 22| 0: [MethodAccess] inv(...) -# 22| -1: [VarAccess] x +# 22| 0: [BitNotExpr] ~... +# 22| 0: [VarAccess] x # 23| 12: [LocalVariableDeclStmt] var ...; # 23| 1: [LocalVariableDeclExpr] i13 # 23| 0: [ValueEQExpr] ... (value equals) ... @@ -2025,8 +2025,8 @@ exprs.kt: # 31| 0: [VarAccess] x # 32| 21: [LocalVariableDeclStmt] var ...; # 32| 1: [LocalVariableDeclExpr] i22 -# 32| 0: [MethodAccess] not(...) -# 32| -1: [MethodAccess] contains(...) +# 32| 0: [LogNotExpr] !... +# 32| 0: [MethodAccess] contains(...) # 32| -1: [MethodAccess] rangeTo(...) # 32| -1: [VarAccess] x # 32| 0: [VarAccess] y @@ -2206,38 +2206,38 @@ exprs.kt: # 66| 1: [VarAccess] ly # 67| 53: [LocalVariableDeclStmt] var ...; # 67| 1: [LocalVariableDeclExpr] l6 -# 67| 0: [MethodAccess] shl(...) -# 67| -1: [VarAccess] lx -# 67| 0: [VarAccess] y +# 67| 0: [LShiftExpr] ... << ... +# 67| 0: [VarAccess] lx +# 67| 1: [VarAccess] y # 68| 54: [LocalVariableDeclStmt] var ...; # 68| 1: [LocalVariableDeclExpr] l7 -# 68| 0: [MethodAccess] shr(...) -# 68| -1: [VarAccess] lx -# 68| 0: [VarAccess] y +# 68| 0: [RShiftExpr] ... >> ... +# 68| 0: [VarAccess] lx +# 68| 1: [VarAccess] y # 69| 55: [LocalVariableDeclStmt] var ...; # 69| 1: [LocalVariableDeclExpr] l8 -# 69| 0: [MethodAccess] ushr(...) -# 69| -1: [VarAccess] lx -# 69| 0: [VarAccess] y +# 69| 0: [URShiftExpr] ... >>> ... +# 69| 0: [VarAccess] lx +# 69| 1: [VarAccess] y # 70| 56: [LocalVariableDeclStmt] var ...; # 70| 1: [LocalVariableDeclExpr] l9 -# 70| 0: [MethodAccess] and(...) -# 70| -1: [VarAccess] lx -# 70| 0: [VarAccess] ly +# 70| 0: [AndBitwiseExpr] ... & ... +# 70| 0: [VarAccess] lx +# 70| 1: [VarAccess] ly # 71| 57: [LocalVariableDeclStmt] var ...; # 71| 1: [LocalVariableDeclExpr] l10 -# 71| 0: [MethodAccess] or(...) -# 71| -1: [VarAccess] lx -# 71| 0: [VarAccess] ly +# 71| 0: [OrBitwiseExpr] ... | ... +# 71| 0: [VarAccess] lx +# 71| 1: [VarAccess] ly # 72| 58: [LocalVariableDeclStmt] var ...; # 72| 1: [LocalVariableDeclExpr] l11 -# 72| 0: [MethodAccess] xor(...) -# 72| -1: [VarAccess] lx -# 72| 0: [VarAccess] ly +# 72| 0: [XorBitwiseExpr] ... ^ ... +# 72| 0: [VarAccess] lx +# 72| 1: [VarAccess] ly # 73| 59: [LocalVariableDeclStmt] var ...; # 73| 1: [LocalVariableDeclExpr] l12 -# 73| 0: [MethodAccess] inv(...) -# 73| -1: [VarAccess] lx +# 73| 0: [BitNotExpr] ~... +# 73| 0: [VarAccess] lx # 74| 60: [LocalVariableDeclStmt] var ...; # 74| 1: [LocalVariableDeclExpr] l13 # 74| 0: [ValueEQExpr] ... (value equals) ... @@ -2422,8 +2422,8 @@ exprs.kt: # 114| 1: [VarAccess] b2 # 115| 98: [LocalVariableDeclStmt] var ...; # 115| 1: [LocalVariableDeclExpr] b5 -# 115| 0: [MethodAccess] not(...) -# 115| -1: [VarAccess] b1 +# 115| 0: [LogNotExpr] !... +# 115| 0: [VarAccess] b1 # 117| 99: [LocalVariableDeclStmt] var ...; # 117| 1: [LocalVariableDeclExpr] c # 117| 0: [CharacterLiteral] x @@ -2473,7 +2473,8 @@ exprs.kt: # 127| 0: [VarAccess] str1 # 127| 1: [VarAccess] str2 # 127| 2: [StringLiteral] bar -# 127| 3: [AddExpr] ... + ... +# 127| 3: [MethodAccess] stringPlus(...) +# 127| -1: [TypeAccess] Intrinsics # 127| 0: [VarAccess] str2 # 127| 1: [VarAccess] str1 # 127| 4: [StringLiteral] baz @@ -2854,6 +2855,422 @@ exprs.kt: # 276| 1: [MethodAccess] getEnumValues(...) # 276| -2: [TypeAccess] Color # 276| -1: [TypeAccess] ExprsKt +# 279| 14: [Method] unaryExprs +# 279| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 279| 0: [Parameter] i +# 279| 0: [TypeAccess] int +# 279| 1: [Parameter] d +# 279| 0: [TypeAccess] double +# 279| 2: [Parameter] b +# 279| 0: [TypeAccess] byte +# 279| 3: [Parameter] s +# 279| 0: [TypeAccess] short +# 279| 4: [Parameter] l +# 279| 0: [TypeAccess] long +# 279| 5: [Parameter] f +# 279| 0: [TypeAccess] float +# 279| 5: [BlockStmt] { ... } +# 280| 0: [ExprStmt] ; +# 280| 0: [ImplicitCoercionToUnitExpr] +# 280| 0: [TypeAccess] Unit +# 280| 1: [MinusExpr] -... +# 280| 0: [VarAccess] i +# 281| 1: [ExprStmt] ; +# 281| 0: [ImplicitCoercionToUnitExpr] +# 281| 0: [TypeAccess] Unit +# 281| 1: [PlusExpr] +... +# 281| 0: [VarAccess] i +# 282| 2: [ExprStmt] ; +# 282| 0: [ImplicitCoercionToUnitExpr] +# 282| 0: [TypeAccess] Unit +# 282| 1: [MinusExpr] -... +# 282| 0: [VarAccess] d +# 283| 3: [ExprStmt] ; +# 283| 0: [ImplicitCoercionToUnitExpr] +# 283| 0: [TypeAccess] Unit +# 283| 1: [PlusExpr] +... +# 283| 0: [VarAccess] d +# 284| 4: [LocalVariableDeclStmt] var ...; +# 284| 1: [LocalVariableDeclExpr] i0 +# 284| 0: [IntegerLiteral] 1 +# 285| 5: [LocalVariableDeclStmt] var ...; +# 285| 1: [LocalVariableDeclExpr] i1 +# 285| 0: [IntegerLiteral] 1 +# 286| 6: [ExprStmt] ; +# 286| 0: [ImplicitCoercionToUnitExpr] +# 286| 0: [TypeAccess] Unit +# 286| 1: [StmtExpr] +# 286| 0: [BlockStmt] { ... } +# 286| 0: [LocalVariableDeclStmt] var ...; +# 286| 1: [LocalVariableDeclExpr] tmp0 +# 286| 0: [VarAccess] i0 +# 286| 1: [ExprStmt] ; +# 286| 0: [AssignExpr] ...=... +# 286| 0: [VarAccess] i0 +# 286| 1: [MethodAccess] inc(...) +# 286| -1: [VarAccess] tmp0 +# 286| 2: [ExprStmt] ; +# 286| 0: [VarAccess] tmp0 +# 287| 7: [ExprStmt] ; +# 287| 0: [ImplicitCoercionToUnitExpr] +# 287| 0: [TypeAccess] Unit +# 287| 1: [StmtExpr] +# 287| 0: [BlockStmt] { ... } +# 287| 0: [ExprStmt] ; +# 287| 0: [AssignExpr] ...=... +# 287| 0: [VarAccess] i0 +# 287| 1: [MethodAccess] inc(...) +# 287| -1: [VarAccess] i0 +# 287| 1: [ExprStmt] ; +# 287| 0: [VarAccess] i0 +# 288| 8: [ExprStmt] ; +# 288| 0: [ImplicitCoercionToUnitExpr] +# 288| 0: [TypeAccess] Unit +# 288| 1: [StmtExpr] +# 288| 0: [BlockStmt] { ... } +# 288| 0: [LocalVariableDeclStmt] var ...; +# 288| 1: [LocalVariableDeclExpr] tmp1 +# 288| 0: [VarAccess] i0 +# 288| 1: [ExprStmt] ; +# 288| 0: [AssignExpr] ...=... +# 288| 0: [VarAccess] i0 +# 288| 1: [MethodAccess] dec(...) +# 288| -1: [VarAccess] tmp1 +# 288| 2: [ExprStmt] ; +# 288| 0: [VarAccess] tmp1 +# 289| 9: [ExprStmt] ; +# 289| 0: [ImplicitCoercionToUnitExpr] +# 289| 0: [TypeAccess] Unit +# 289| 1: [StmtExpr] +# 289| 0: [BlockStmt] { ... } +# 289| 0: [ExprStmt] ; +# 289| 0: [AssignExpr] ...=... +# 289| 0: [VarAccess] i0 +# 289| 1: [MethodAccess] dec(...) +# 289| -1: [VarAccess] i0 +# 289| 1: [ExprStmt] ; +# 289| 0: [VarAccess] i0 +# 290| 10: [ExprStmt] ; +# 290| 0: [ImplicitCoercionToUnitExpr] +# 290| 0: [TypeAccess] Unit +# 290| 1: [MethodAccess] inc(...) +# 290| -1: [VarAccess] i0 +# 291| 11: [ExprStmt] ; +# 291| 0: [ImplicitCoercionToUnitExpr] +# 291| 0: [TypeAccess] Unit +# 291| 1: [MethodAccess] dec(...) +# 291| -1: [VarAccess] i0 +# 292| 12: [ExprStmt] ; +# 292| 0: [ImplicitCoercionToUnitExpr] +# 292| 0: [TypeAccess] Unit +# 292| 1: [MethodAccess] inc(...) +# 292| -1: [VarAccess] i1 +# 293| 13: [ExprStmt] ; +# 293| 0: [ImplicitCoercionToUnitExpr] +# 293| 0: [TypeAccess] Unit +# 293| 1: [MethodAccess] dec(...) +# 293| -1: [VarAccess] i1 +# 294| 14: [ExprStmt] ; +# 294| 0: [ImplicitCoercionToUnitExpr] +# 294| 0: [TypeAccess] Unit +# 294| 1: [BitNotExpr] ~... +# 294| 0: [VarAccess] i +# 296| 15: [ExprStmt] ; +# 296| 0: [ImplicitCoercionToUnitExpr] +# 296| 0: [TypeAccess] Unit +# 296| 1: [MinusExpr] -... +# 296| 0: [VarAccess] b +# 297| 16: [ExprStmt] ; +# 297| 0: [ImplicitCoercionToUnitExpr] +# 297| 0: [TypeAccess] Unit +# 297| 1: [PlusExpr] +... +# 297| 0: [VarAccess] b +# 298| 17: [LocalVariableDeclStmt] var ...; +# 298| 1: [LocalVariableDeclExpr] b0 +# 298| 0: [IntegerLiteral] 1 +# 299| 18: [LocalVariableDeclStmt] var ...; +# 299| 1: [LocalVariableDeclExpr] b1 +# 299| 0: [IntegerLiteral] 1 +# 300| 19: [ExprStmt] ; +# 300| 0: [ImplicitCoercionToUnitExpr] +# 300| 0: [TypeAccess] Unit +# 300| 1: [StmtExpr] +# 300| 0: [BlockStmt] { ... } +# 300| 0: [LocalVariableDeclStmt] var ...; +# 300| 1: [LocalVariableDeclExpr] tmp2 +# 300| 0: [VarAccess] b0 +# 300| 1: [ExprStmt] ; +# 300| 0: [AssignExpr] ...=... +# 300| 0: [VarAccess] b0 +# 300| 1: [MethodAccess] inc(...) +# 300| -1: [VarAccess] tmp2 +# 300| 2: [ExprStmt] ; +# 300| 0: [VarAccess] tmp2 +# 301| 20: [ExprStmt] ; +# 301| 0: [ImplicitCoercionToUnitExpr] +# 301| 0: [TypeAccess] Unit +# 301| 1: [StmtExpr] +# 301| 0: [BlockStmt] { ... } +# 301| 0: [ExprStmt] ; +# 301| 0: [AssignExpr] ...=... +# 301| 0: [VarAccess] b0 +# 301| 1: [MethodAccess] inc(...) +# 301| -1: [VarAccess] b0 +# 301| 1: [ExprStmt] ; +# 301| 0: [VarAccess] b0 +# 302| 21: [ExprStmt] ; +# 302| 0: [ImplicitCoercionToUnitExpr] +# 302| 0: [TypeAccess] Unit +# 302| 1: [StmtExpr] +# 302| 0: [BlockStmt] { ... } +# 302| 0: [LocalVariableDeclStmt] var ...; +# 302| 1: [LocalVariableDeclExpr] tmp3 +# 302| 0: [VarAccess] b0 +# 302| 1: [ExprStmt] ; +# 302| 0: [AssignExpr] ...=... +# 302| 0: [VarAccess] b0 +# 302| 1: [MethodAccess] dec(...) +# 302| -1: [VarAccess] tmp3 +# 302| 2: [ExprStmt] ; +# 302| 0: [VarAccess] tmp3 +# 303| 22: [ExprStmt] ; +# 303| 0: [ImplicitCoercionToUnitExpr] +# 303| 0: [TypeAccess] Unit +# 303| 1: [StmtExpr] +# 303| 0: [BlockStmt] { ... } +# 303| 0: [ExprStmt] ; +# 303| 0: [AssignExpr] ...=... +# 303| 0: [VarAccess] b0 +# 303| 1: [MethodAccess] dec(...) +# 303| -1: [VarAccess] b0 +# 303| 1: [ExprStmt] ; +# 303| 0: [VarAccess] b0 +# 304| 23: [ExprStmt] ; +# 304| 0: [ImplicitCoercionToUnitExpr] +# 304| 0: [TypeAccess] Unit +# 304| 1: [MethodAccess] inc(...) +# 304| -1: [VarAccess] b0 +# 305| 24: [ExprStmt] ; +# 305| 0: [ImplicitCoercionToUnitExpr] +# 305| 0: [TypeAccess] Unit +# 305| 1: [MethodAccess] dec(...) +# 305| -1: [VarAccess] b0 +# 306| 25: [ExprStmt] ; +# 306| 0: [ImplicitCoercionToUnitExpr] +# 306| 0: [TypeAccess] Unit +# 306| 1: [MethodAccess] inc(...) +# 306| -1: [VarAccess] b1 +# 307| 26: [ExprStmt] ; +# 307| 0: [ImplicitCoercionToUnitExpr] +# 307| 0: [TypeAccess] Unit +# 307| 1: [MethodAccess] dec(...) +# 307| -1: [VarAccess] b1 +# 308| 27: [ExprStmt] ; +# 308| 0: [ImplicitCoercionToUnitExpr] +# 308| 0: [TypeAccess] Unit +# 308| 1: [BitNotExpr] ~... +# 308| 0: [VarAccess] b +# 310| 28: [ExprStmt] ; +# 310| 0: [ImplicitCoercionToUnitExpr] +# 310| 0: [TypeAccess] Unit +# 310| 1: [MinusExpr] -... +# 310| 0: [VarAccess] s +# 311| 29: [ExprStmt] ; +# 311| 0: [ImplicitCoercionToUnitExpr] +# 311| 0: [TypeAccess] Unit +# 311| 1: [PlusExpr] +... +# 311| 0: [VarAccess] s +# 312| 30: [LocalVariableDeclStmt] var ...; +# 312| 1: [LocalVariableDeclExpr] s0 +# 312| 0: [IntegerLiteral] 1 +# 313| 31: [LocalVariableDeclStmt] var ...; +# 313| 1: [LocalVariableDeclExpr] s1 +# 313| 0: [IntegerLiteral] 1 +# 314| 32: [ExprStmt] ; +# 314| 0: [ImplicitCoercionToUnitExpr] +# 314| 0: [TypeAccess] Unit +# 314| 1: [StmtExpr] +# 314| 0: [BlockStmt] { ... } +# 314| 0: [LocalVariableDeclStmt] var ...; +# 314| 1: [LocalVariableDeclExpr] tmp4 +# 314| 0: [VarAccess] s0 +# 314| 1: [ExprStmt] ; +# 314| 0: [AssignExpr] ...=... +# 314| 0: [VarAccess] s0 +# 314| 1: [MethodAccess] inc(...) +# 314| -1: [VarAccess] tmp4 +# 314| 2: [ExprStmt] ; +# 314| 0: [VarAccess] tmp4 +# 315| 33: [ExprStmt] ; +# 315| 0: [ImplicitCoercionToUnitExpr] +# 315| 0: [TypeAccess] Unit +# 315| 1: [StmtExpr] +# 315| 0: [BlockStmt] { ... } +# 315| 0: [ExprStmt] ; +# 315| 0: [AssignExpr] ...=... +# 315| 0: [VarAccess] s0 +# 315| 1: [MethodAccess] inc(...) +# 315| -1: [VarAccess] s0 +# 315| 1: [ExprStmt] ; +# 315| 0: [VarAccess] s0 +# 316| 34: [ExprStmt] ; +# 316| 0: [ImplicitCoercionToUnitExpr] +# 316| 0: [TypeAccess] Unit +# 316| 1: [StmtExpr] +# 316| 0: [BlockStmt] { ... } +# 316| 0: [LocalVariableDeclStmt] var ...; +# 316| 1: [LocalVariableDeclExpr] tmp5 +# 316| 0: [VarAccess] s0 +# 316| 1: [ExprStmt] ; +# 316| 0: [AssignExpr] ...=... +# 316| 0: [VarAccess] s0 +# 316| 1: [MethodAccess] dec(...) +# 316| -1: [VarAccess] tmp5 +# 316| 2: [ExprStmt] ; +# 316| 0: [VarAccess] tmp5 +# 317| 35: [ExprStmt] ; +# 317| 0: [ImplicitCoercionToUnitExpr] +# 317| 0: [TypeAccess] Unit +# 317| 1: [StmtExpr] +# 317| 0: [BlockStmt] { ... } +# 317| 0: [ExprStmt] ; +# 317| 0: [AssignExpr] ...=... +# 317| 0: [VarAccess] s0 +# 317| 1: [MethodAccess] dec(...) +# 317| -1: [VarAccess] s0 +# 317| 1: [ExprStmt] ; +# 317| 0: [VarAccess] s0 +# 318| 36: [ExprStmt] ; +# 318| 0: [ImplicitCoercionToUnitExpr] +# 318| 0: [TypeAccess] Unit +# 318| 1: [MethodAccess] inc(...) +# 318| -1: [VarAccess] s0 +# 319| 37: [ExprStmt] ; +# 319| 0: [ImplicitCoercionToUnitExpr] +# 319| 0: [TypeAccess] Unit +# 319| 1: [MethodAccess] dec(...) +# 319| -1: [VarAccess] s0 +# 320| 38: [ExprStmt] ; +# 320| 0: [ImplicitCoercionToUnitExpr] +# 320| 0: [TypeAccess] Unit +# 320| 1: [MethodAccess] inc(...) +# 320| -1: [VarAccess] s1 +# 321| 39: [ExprStmt] ; +# 321| 0: [ImplicitCoercionToUnitExpr] +# 321| 0: [TypeAccess] Unit +# 321| 1: [MethodAccess] dec(...) +# 321| -1: [VarAccess] s1 +# 322| 40: [ExprStmt] ; +# 322| 0: [ImplicitCoercionToUnitExpr] +# 322| 0: [TypeAccess] Unit +# 322| 1: [BitNotExpr] ~... +# 322| 0: [VarAccess] s +# 324| 41: [ExprStmt] ; +# 324| 0: [ImplicitCoercionToUnitExpr] +# 324| 0: [TypeAccess] Unit +# 324| 1: [MinusExpr] -... +# 324| 0: [VarAccess] l +# 325| 42: [ExprStmt] ; +# 325| 0: [ImplicitCoercionToUnitExpr] +# 325| 0: [TypeAccess] Unit +# 325| 1: [PlusExpr] +... +# 325| 0: [VarAccess] l +# 326| 43: [LocalVariableDeclStmt] var ...; +# 326| 1: [LocalVariableDeclExpr] l0 +# 326| 0: [LongLiteral] 1 +# 327| 44: [LocalVariableDeclStmt] var ...; +# 327| 1: [LocalVariableDeclExpr] l1 +# 327| 0: [LongLiteral] 1 +# 328| 45: [ExprStmt] ; +# 328| 0: [ImplicitCoercionToUnitExpr] +# 328| 0: [TypeAccess] Unit +# 328| 1: [StmtExpr] +# 328| 0: [BlockStmt] { ... } +# 328| 0: [LocalVariableDeclStmt] var ...; +# 328| 1: [LocalVariableDeclExpr] tmp6 +# 328| 0: [VarAccess] l0 +# 328| 1: [ExprStmt] ; +# 328| 0: [AssignExpr] ...=... +# 328| 0: [VarAccess] l0 +# 328| 1: [MethodAccess] inc(...) +# 328| -1: [VarAccess] tmp6 +# 328| 2: [ExprStmt] ; +# 328| 0: [VarAccess] tmp6 +# 329| 46: [ExprStmt] ; +# 329| 0: [ImplicitCoercionToUnitExpr] +# 329| 0: [TypeAccess] Unit +# 329| 1: [StmtExpr] +# 329| 0: [BlockStmt] { ... } +# 329| 0: [ExprStmt] ; +# 329| 0: [AssignExpr] ...=... +# 329| 0: [VarAccess] l0 +# 329| 1: [MethodAccess] inc(...) +# 329| -1: [VarAccess] l0 +# 329| 1: [ExprStmt] ; +# 329| 0: [VarAccess] l0 +# 330| 47: [ExprStmt] ; +# 330| 0: [ImplicitCoercionToUnitExpr] +# 330| 0: [TypeAccess] Unit +# 330| 1: [StmtExpr] +# 330| 0: [BlockStmt] { ... } +# 330| 0: [LocalVariableDeclStmt] var ...; +# 330| 1: [LocalVariableDeclExpr] tmp7 +# 330| 0: [VarAccess] l0 +# 330| 1: [ExprStmt] ; +# 330| 0: [AssignExpr] ...=... +# 330| 0: [VarAccess] l0 +# 330| 1: [MethodAccess] dec(...) +# 330| -1: [VarAccess] tmp7 +# 330| 2: [ExprStmt] ; +# 330| 0: [VarAccess] tmp7 +# 331| 48: [ExprStmt] ; +# 331| 0: [ImplicitCoercionToUnitExpr] +# 331| 0: [TypeAccess] Unit +# 331| 1: [StmtExpr] +# 331| 0: [BlockStmt] { ... } +# 331| 0: [ExprStmt] ; +# 331| 0: [AssignExpr] ...=... +# 331| 0: [VarAccess] l0 +# 331| 1: [MethodAccess] dec(...) +# 331| -1: [VarAccess] l0 +# 331| 1: [ExprStmt] ; +# 331| 0: [VarAccess] l0 +# 332| 49: [ExprStmt] ; +# 332| 0: [ImplicitCoercionToUnitExpr] +# 332| 0: [TypeAccess] Unit +# 332| 1: [MethodAccess] inc(...) +# 332| -1: [VarAccess] l0 +# 333| 50: [ExprStmt] ; +# 333| 0: [ImplicitCoercionToUnitExpr] +# 333| 0: [TypeAccess] Unit +# 333| 1: [MethodAccess] dec(...) +# 333| -1: [VarAccess] l0 +# 334| 51: [ExprStmt] ; +# 334| 0: [ImplicitCoercionToUnitExpr] +# 334| 0: [TypeAccess] Unit +# 334| 1: [MethodAccess] inc(...) +# 334| -1: [VarAccess] l1 +# 335| 52: [ExprStmt] ; +# 335| 0: [ImplicitCoercionToUnitExpr] +# 335| 0: [TypeAccess] Unit +# 335| 1: [MethodAccess] dec(...) +# 335| -1: [VarAccess] l1 +# 336| 53: [ExprStmt] ; +# 336| 0: [ImplicitCoercionToUnitExpr] +# 336| 0: [TypeAccess] Unit +# 336| 1: [BitNotExpr] ~... +# 336| 0: [VarAccess] l +# 338| 54: [ExprStmt] ; +# 338| 0: [ImplicitCoercionToUnitExpr] +# 338| 0: [TypeAccess] Unit +# 338| 1: [PlusExpr] +... +# 338| 0: [VarAccess] f +# 339| 55: [ExprStmt] ; +# 339| 0: [ImplicitCoercionToUnitExpr] +# 339| 0: [TypeAccess] Unit +# 339| 1: [MinusExpr] -... +# 339| 0: [VarAccess] f # 142| 2: [Class] C # 142| 1: [Constructor] C #-----| 4: (Parameters) @@ -3052,15 +3469,16 @@ exprs.kt: # 203| 1: [IntegerLiteral] 5 # 204| 2: [LocalVariableDeclStmt] var ...; # 204| 1: [LocalVariableDeclExpr] b1 -# 204| 0: [AddExpr] ... + ... +# 204| 0: [MethodAccess] stringPlus(...) +# 204| -1: [TypeAccess] Intrinsics # 204| 0: [VarAccess] s # 204| 1: [IntegerLiteral] 5 # 205| 3: [LocalVariableDeclStmt] var ...; # 205| 1: [LocalVariableDeclExpr] b2 -# 205| 0: [MethodAccess] plus(...) -# 205| -1: [NotNullExpr] ...!! +# 205| 0: [AddExpr] ... + ... +# 205| 0: [NotNullExpr] ...!! # 205| 0: [VarAccess] s -# 205| 0: [IntegerLiteral] 5 +# 205| 1: [IntegerLiteral] 5 # 206| 4: [LocalVariableDeclStmt] var ...; # 206| 1: [LocalVariableDeclExpr] b3 # 206| 0: [AddExpr] ... + ... @@ -3844,58 +4262,6 @@ funcExprs.kt: # 36| 5: [BlockStmt] { ... } # 36| 0: [SuperConstructorInvocationStmt] super(...) # 36| 2: [Method] invoke -# 36| 3: [TypeAccess] String -#-----| 4: (Parameters) -# 36| 0: [Parameter] a0 -# 36| 0: [TypeAccess] int -# 36| 1: [Parameter] a1 -# 36| 0: [TypeAccess] int -# 36| 2: [Parameter] a2 -# 36| 0: [TypeAccess] int -# 36| 3: [Parameter] a3 -# 36| 0: [TypeAccess] int -# 36| 4: [Parameter] a4 -# 36| 0: [TypeAccess] int -# 36| 5: [Parameter] a5 -# 36| 0: [TypeAccess] int -# 36| 6: [Parameter] a6 -# 36| 0: [TypeAccess] int -# 36| 7: [Parameter] a7 -# 36| 0: [TypeAccess] int -# 36| 8: [Parameter] a8 -# 36| 0: [TypeAccess] int -# 36| 9: [Parameter] a9 -# 36| 0: [TypeAccess] int -# 36| 10: [Parameter] a10 -# 36| 0: [TypeAccess] int -# 36| 11: [Parameter] a11 -# 36| 0: [TypeAccess] int -# 36| 12: [Parameter] a12 -# 36| 0: [TypeAccess] int -# 36| 13: [Parameter] a13 -# 36| 0: [TypeAccess] int -# 36| 14: [Parameter] a14 -# 36| 0: [TypeAccess] int -# 36| 15: [Parameter] a15 -# 36| 0: [TypeAccess] int -# 36| 16: [Parameter] a16 -# 36| 0: [TypeAccess] int -# 36| 17: [Parameter] a17 -# 36| 0: [TypeAccess] int -# 36| 18: [Parameter] a18 -# 36| 0: [TypeAccess] int -# 36| 19: [Parameter] a19 -# 36| 0: [TypeAccess] int -# 36| 20: [Parameter] a20 -# 36| 0: [TypeAccess] int -# 36| 21: [Parameter] a21 -# 36| 0: [TypeAccess] int -# 36| 22: [Parameter] a22 -# 36| 0: [TypeAccess] int -# 36| 5: [BlockStmt] { ... } -# 36| 0: [ReturnStmt] return ... -# 36| 0: [StringLiteral] -# 36| 2: [Method] invoke #-----| 4: (Parameters) # 36| 0: [Parameter] a0 # 36| 5: [BlockStmt] { ... } @@ -4017,6 +4383,58 @@ funcExprs.kt: # 36| 1: [ArrayAccess] ...[...] # 36| 0: [VarAccess] a0 # 36| 1: [IntegerLiteral] 22 +# 36| 3: [Method] invoke +# 36| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 36| 0: [Parameter] a0 +# 36| 0: [TypeAccess] int +# 36| 1: [Parameter] a1 +# 36| 0: [TypeAccess] int +# 36| 2: [Parameter] a2 +# 36| 0: [TypeAccess] int +# 36| 3: [Parameter] a3 +# 36| 0: [TypeAccess] int +# 36| 4: [Parameter] a4 +# 36| 0: [TypeAccess] int +# 36| 5: [Parameter] a5 +# 36| 0: [TypeAccess] int +# 36| 6: [Parameter] a6 +# 36| 0: [TypeAccess] int +# 36| 7: [Parameter] a7 +# 36| 0: [TypeAccess] int +# 36| 8: [Parameter] a8 +# 36| 0: [TypeAccess] int +# 36| 9: [Parameter] a9 +# 36| 0: [TypeAccess] int +# 36| 10: [Parameter] a10 +# 36| 0: [TypeAccess] int +# 36| 11: [Parameter] a11 +# 36| 0: [TypeAccess] int +# 36| 12: [Parameter] a12 +# 36| 0: [TypeAccess] int +# 36| 13: [Parameter] a13 +# 36| 0: [TypeAccess] int +# 36| 14: [Parameter] a14 +# 36| 0: [TypeAccess] int +# 36| 15: [Parameter] a15 +# 36| 0: [TypeAccess] int +# 36| 16: [Parameter] a16 +# 36| 0: [TypeAccess] int +# 36| 17: [Parameter] a17 +# 36| 0: [TypeAccess] int +# 36| 18: [Parameter] a18 +# 36| 0: [TypeAccess] int +# 36| 19: [Parameter] a19 +# 36| 0: [TypeAccess] int +# 36| 20: [Parameter] a20 +# 36| 0: [TypeAccess] int +# 36| 21: [Parameter] a21 +# 36| 0: [TypeAccess] int +# 36| 22: [Parameter] a22 +# 36| 0: [TypeAccess] int +# 36| 5: [BlockStmt] { ... } +# 36| 0: [ReturnStmt] return ... +# 36| 0: [StringLiteral] # 36| -3: [TypeAccess] FunctionN # 36| 0: [TypeAccess] String # 38| 14: [ExprStmt] ; @@ -4029,6 +4447,7 @@ funcExprs.kt: # 38| 0: [Parameter] # 38| 5: [BlockStmt] { ... } # 38| 0: [SuperConstructorInvocationStmt] super(...) +# 38| 0: [IntegerLiteral] 0 # 38| 1: [ExprStmt] ; # 38| 0: [AssignExpr] ...=... # 38| 0: [VarAccess] this. @@ -4056,6 +4475,7 @@ funcExprs.kt: # 39| 0: [Parameter] # 39| 5: [BlockStmt] { ... } # 39| 0: [SuperConstructorInvocationStmt] super(...) +# 39| 0: [IntegerLiteral] 0 # 39| 1: [ExprStmt] ; # 39| 0: [AssignExpr] ...=... # 39| 0: [VarAccess] this. @@ -4083,6 +4503,7 @@ funcExprs.kt: # 40| 0: [Parameter] # 40| 5: [BlockStmt] { ... } # 40| 0: [SuperConstructorInvocationStmt] super(...) +# 40| 0: [IntegerLiteral] 1 # 40| 1: [ExprStmt] ; # 40| 0: [AssignExpr] ...=... # 40| 0: [VarAccess] this. @@ -4113,6 +4534,7 @@ funcExprs.kt: # 41| 1: [Constructor] # 41| 5: [BlockStmt] { ... } # 41| 0: [SuperConstructorInvocationStmt] super(...) +# 41| 0: [IntegerLiteral] 2 # 41| 2: [Method] invoke #-----| 4: (Parameters) # 41| 0: [Parameter] a0 @@ -4137,6 +4559,7 @@ funcExprs.kt: # 42| 0: [Parameter] # 42| 5: [BlockStmt] { ... } # 42| 0: [SuperConstructorInvocationStmt] super(...) +# 42| 0: [IntegerLiteral] 1 # 42| 1: [ExprStmt] ; # 42| 0: [AssignExpr] ...=... # 42| 0: [VarAccess] this. @@ -4167,6 +4590,7 @@ funcExprs.kt: # 43| 1: [Constructor] # 43| 5: [BlockStmt] { ... } # 43| 0: [SuperConstructorInvocationStmt] super(...) +# 43| 0: [IntegerLiteral] 2 # 43| 2: [Method] invoke #-----| 4: (Parameters) # 43| 0: [Parameter] a0 @@ -4192,6 +4616,7 @@ funcExprs.kt: # 44| 0: [Parameter] # 44| 5: [BlockStmt] { ... } # 44| 0: [SuperConstructorInvocationStmt] super(...) +# 44| 0: [IntegerLiteral] 22 # 44| 1: [ExprStmt] ; # 44| 0: [AssignExpr] ...=... # 44| 0: [VarAccess] this. @@ -4287,6 +4712,7 @@ funcExprs.kt: # 45| 0: [Parameter] # 45| 5: [BlockStmt] { ... } # 45| 0: [SuperConstructorInvocationStmt] super(...) +# 45| 0: [IntegerLiteral] 23 # 45| 1: [ExprStmt] ; # 45| 0: [AssignExpr] ...=... # 45| 0: [VarAccess] this. @@ -4430,6 +4856,7 @@ funcExprs.kt: # 46| 1: [Constructor] # 46| 5: [BlockStmt] { ... } # 46| 0: [SuperConstructorInvocationStmt] super(...) +# 46| 0: [IntegerLiteral] 24 # 46| 2: [Method] invoke #-----| 4: (Parameters) # 46| 0: [Parameter] a0 @@ -4576,6 +5003,7 @@ funcExprs.kt: # 49| 1: [Constructor] # 49| 5: [BlockStmt] { ... } # 49| 0: [SuperConstructorInvocationStmt] super(...) +# 49| 0: [IntegerLiteral] 0 # 49| 2: [Method] invoke # 49| 5: [BlockStmt] { ... } # 49| 0: [ReturnStmt] return ... @@ -4593,6 +5021,7 @@ funcExprs.kt: # 51| 1: [Constructor] # 51| 5: [BlockStmt] { ... } # 51| 0: [SuperConstructorInvocationStmt] super(...) +# 51| 0: [IntegerLiteral] 0 # 51| 2: [Method] invoke # 51| 5: [BlockStmt] { ... } # 51| 0: [ReturnStmt] return ... @@ -4681,58 +5110,6 @@ funcExprs.kt: # 90| 5: [BlockStmt] { ... } # 90| 0: [SuperConstructorInvocationStmt] super(...) # 90| 2: [Method] invoke -# 90| 3: [TypeAccess] String -#-----| 4: (Parameters) -# 90| 0: [Parameter] p0 -# 90| 0: [TypeAccess] int -# 90| 1: [Parameter] p1 -# 90| 0: [TypeAccess] int -# 90| 2: [Parameter] p2 -# 90| 0: [TypeAccess] int -# 90| 3: [Parameter] p3 -# 90| 0: [TypeAccess] int -# 90| 4: [Parameter] p4 -# 90| 0: [TypeAccess] int -# 90| 5: [Parameter] p5 -# 90| 0: [TypeAccess] int -# 90| 6: [Parameter] p6 -# 90| 0: [TypeAccess] int -# 90| 7: [Parameter] p7 -# 90| 0: [TypeAccess] int -# 90| 8: [Parameter] p8 -# 90| 0: [TypeAccess] int -# 90| 9: [Parameter] p9 -# 90| 0: [TypeAccess] int -# 90| 10: [Parameter] p10 -# 90| 0: [TypeAccess] int -# 90| 11: [Parameter] p11 -# 90| 0: [TypeAccess] int -# 90| 12: [Parameter] p12 -# 90| 0: [TypeAccess] int -# 90| 13: [Parameter] p13 -# 90| 0: [TypeAccess] int -# 90| 14: [Parameter] p14 -# 90| 0: [TypeAccess] int -# 90| 15: [Parameter] p15 -# 90| 0: [TypeAccess] int -# 90| 16: [Parameter] p16 -# 90| 0: [TypeAccess] int -# 90| 17: [Parameter] p17 -# 90| 0: [TypeAccess] int -# 90| 18: [Parameter] p18 -# 90| 0: [TypeAccess] int -# 90| 19: [Parameter] p19 -# 90| 0: [TypeAccess] int -# 90| 20: [Parameter] p20 -# 90| 0: [TypeAccess] int -# 90| 21: [Parameter] p21 -# 90| 0: [TypeAccess] int -# 90| 22: [Parameter] p22 -# 90| 0: [TypeAccess] int -# 90| 5: [BlockStmt] { ... } -# 90| 0: [ReturnStmt] return ... -# 90| 0: [StringLiteral] -# 90| 2: [Method] invoke #-----| 4: (Parameters) # 90| 0: [Parameter] a0 # 90| 5: [BlockStmt] { ... } @@ -4854,6 +5231,58 @@ funcExprs.kt: # 90| 1: [ArrayAccess] ...[...] # 90| 0: [VarAccess] a0 # 90| 1: [IntegerLiteral] 22 +# 90| 3: [Method] invoke +# 90| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 90| 0: [Parameter] p0 +# 90| 0: [TypeAccess] int +# 90| 1: [Parameter] p1 +# 90| 0: [TypeAccess] int +# 90| 2: [Parameter] p2 +# 90| 0: [TypeAccess] int +# 90| 3: [Parameter] p3 +# 90| 0: [TypeAccess] int +# 90| 4: [Parameter] p4 +# 90| 0: [TypeAccess] int +# 90| 5: [Parameter] p5 +# 90| 0: [TypeAccess] int +# 90| 6: [Parameter] p6 +# 90| 0: [TypeAccess] int +# 90| 7: [Parameter] p7 +# 90| 0: [TypeAccess] int +# 90| 8: [Parameter] p8 +# 90| 0: [TypeAccess] int +# 90| 9: [Parameter] p9 +# 90| 0: [TypeAccess] int +# 90| 10: [Parameter] p10 +# 90| 0: [TypeAccess] int +# 90| 11: [Parameter] p11 +# 90| 0: [TypeAccess] int +# 90| 12: [Parameter] p12 +# 90| 0: [TypeAccess] int +# 90| 13: [Parameter] p13 +# 90| 0: [TypeAccess] int +# 90| 14: [Parameter] p14 +# 90| 0: [TypeAccess] int +# 90| 15: [Parameter] p15 +# 90| 0: [TypeAccess] int +# 90| 16: [Parameter] p16 +# 90| 0: [TypeAccess] int +# 90| 17: [Parameter] p17 +# 90| 0: [TypeAccess] int +# 90| 18: [Parameter] p18 +# 90| 0: [TypeAccess] int +# 90| 19: [Parameter] p19 +# 90| 0: [TypeAccess] int +# 90| 20: [Parameter] p20 +# 90| 0: [TypeAccess] int +# 90| 21: [Parameter] p21 +# 90| 0: [TypeAccess] int +# 90| 22: [Parameter] p22 +# 90| 0: [TypeAccess] int +# 90| 5: [BlockStmt] { ... } +# 90| 0: [ReturnStmt] return ... +# 90| 0: [StringLiteral] # 90| -3: [TypeAccess] FunctionN # 90| 0: [TypeAccess] String # 91| 5: [ExprStmt] ; @@ -5206,6 +5635,7 @@ kFunctionInvoke.kt: # 8| 0: [Parameter] # 8| 5: [BlockStmt] { ... } # 8| 0: [SuperConstructorInvocationStmt] super(...) +# 8| 0: [IntegerLiteral] 1 # 8| 1: [ExprStmt] ; # 8| 0: [AssignExpr] ...=... # 8| 0: [VarAccess] this. @@ -5484,6 +5914,7 @@ samConversion.kt: # 5| 1: [Constructor] # 5| 5: [BlockStmt] { ... } # 5| 0: [SuperConstructorInvocationStmt] super(...) +# 5| 0: [IntegerLiteral] 2 # 5| 2: [Method] invoke #-----| 4: (Parameters) # 5| 0: [Parameter] a0 @@ -5705,6 +6136,7 @@ samConversion.kt: # 41| 1: [Constructor] # 41| 5: [BlockStmt] { ... } # 41| 0: [SuperConstructorInvocationStmt] super(...) +# 41| 0: [IntegerLiteral] 23 # 41| 2: [Method] invoke #-----| 4: (Parameters) # 41| 0: [Parameter] a0 @@ -6036,58 +6468,6 @@ samConversion.kt: # 43| 5: [BlockStmt] { ... } # 43| 0: [SuperConstructorInvocationStmt] super(...) # 43| 2: [Method] invoke -# 43| 3: [TypeAccess] boolean -#-----| 4: (Parameters) -# 43| 0: [Parameter] i0 -# 43| 0: [TypeAccess] int -# 43| 1: [Parameter] i1 -# 43| 0: [TypeAccess] int -# 43| 2: [Parameter] i2 -# 43| 0: [TypeAccess] int -# 43| 3: [Parameter] i3 -# 43| 0: [TypeAccess] int -# 43| 4: [Parameter] i4 -# 43| 0: [TypeAccess] int -# 43| 5: [Parameter] i5 -# 43| 0: [TypeAccess] int -# 43| 6: [Parameter] i6 -# 43| 0: [TypeAccess] int -# 43| 7: [Parameter] i7 -# 43| 0: [TypeAccess] int -# 43| 8: [Parameter] i8 -# 43| 0: [TypeAccess] int -# 43| 9: [Parameter] i9 -# 43| 0: [TypeAccess] int -# 44| 10: [Parameter] i10 -# 44| 0: [TypeAccess] int -# 44| 11: [Parameter] i11 -# 44| 0: [TypeAccess] int -# 44| 12: [Parameter] i12 -# 44| 0: [TypeAccess] int -# 44| 13: [Parameter] i13 -# 44| 0: [TypeAccess] int -# 44| 14: [Parameter] i14 -# 44| 0: [TypeAccess] int -# 44| 15: [Parameter] i15 -# 44| 0: [TypeAccess] int -# 44| 16: [Parameter] i16 -# 44| 0: [TypeAccess] int -# 44| 17: [Parameter] i17 -# 44| 0: [TypeAccess] int -# 44| 18: [Parameter] i18 -# 44| 0: [TypeAccess] int -# 44| 19: [Parameter] i19 -# 44| 0: [TypeAccess] int -# 45| 20: [Parameter] i20 -# 45| 0: [TypeAccess] int -# 45| 21: [Parameter] i21 -# 45| 0: [TypeAccess] int -# 45| 22: [Parameter] i22 -# 45| 0: [TypeAccess] int -# 45| 5: [BlockStmt] { ... } -# 45| 0: [ReturnStmt] return ... -# 45| 0: [BooleanLiteral] true -# 43| 2: [Method] invoke #-----| 4: (Parameters) # 43| 0: [Parameter] a0 # 43| 5: [BlockStmt] { ... } @@ -6209,6 +6589,58 @@ samConversion.kt: # 43| 1: [ArrayAccess] ...[...] # 43| 0: [VarAccess] a0 # 43| 1: [IntegerLiteral] 22 +# 43| 3: [Method] invoke +# 43| 3: [TypeAccess] boolean +#-----| 4: (Parameters) +# 43| 0: [Parameter] i0 +# 43| 0: [TypeAccess] int +# 43| 1: [Parameter] i1 +# 43| 0: [TypeAccess] int +# 43| 2: [Parameter] i2 +# 43| 0: [TypeAccess] int +# 43| 3: [Parameter] i3 +# 43| 0: [TypeAccess] int +# 43| 4: [Parameter] i4 +# 43| 0: [TypeAccess] int +# 43| 5: [Parameter] i5 +# 43| 0: [TypeAccess] int +# 43| 6: [Parameter] i6 +# 43| 0: [TypeAccess] int +# 43| 7: [Parameter] i7 +# 43| 0: [TypeAccess] int +# 43| 8: [Parameter] i8 +# 43| 0: [TypeAccess] int +# 43| 9: [Parameter] i9 +# 43| 0: [TypeAccess] int +# 44| 10: [Parameter] i10 +# 44| 0: [TypeAccess] int +# 44| 11: [Parameter] i11 +# 44| 0: [TypeAccess] int +# 44| 12: [Parameter] i12 +# 44| 0: [TypeAccess] int +# 44| 13: [Parameter] i13 +# 44| 0: [TypeAccess] int +# 44| 14: [Parameter] i14 +# 44| 0: [TypeAccess] int +# 44| 15: [Parameter] i15 +# 44| 0: [TypeAccess] int +# 44| 16: [Parameter] i16 +# 44| 0: [TypeAccess] int +# 44| 17: [Parameter] i17 +# 44| 0: [TypeAccess] int +# 44| 18: [Parameter] i18 +# 44| 0: [TypeAccess] int +# 44| 19: [Parameter] i19 +# 44| 0: [TypeAccess] int +# 45| 20: [Parameter] i20 +# 45| 0: [TypeAccess] int +# 45| 21: [Parameter] i21 +# 45| 0: [TypeAccess] int +# 45| 22: [Parameter] i22 +# 45| 0: [TypeAccess] int +# 45| 5: [BlockStmt] { ... } +# 45| 0: [ReturnStmt] return ... +# 45| 0: [BooleanLiteral] true # 43| -3: [TypeAccess] FunctionN # 43| 0: [TypeAccess] Boolean # 46| 3: [LocalVariableDeclStmt] var ...; @@ -6322,6 +6754,120 @@ samConversion.kt: # 59| -1: [VarAccess] i0 # 59| 0: [IntegerLiteral] 1 # 59| 1: [IntegerLiteral] 2 +# 74| 6: [Method] propertyRefsTest +# 74| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 74| 0: [Parameter] prt +# 74| 0: [TypeAccess] PropertyRefsTest +# 74| 5: [BlockStmt] { ... } +# 75| 0: [LocalVariableDeclStmt] var ...; +# 75| 1: [LocalVariableDeclExpr] test1 +# 75| 0: [CastExpr] (...)... +# 75| 0: [TypeAccess] IntGetter +# 75| 1: [ClassInstanceExpr] new (...) +# 75| -4: [AnonymousClass] new IntGetter(...) { ... } +# 75| 1: [Constructor] +#-----| 4: (Parameters) +# 75| 0: [Parameter] +# 75| 5: [BlockStmt] { ... } +# 75| 0: [SuperConstructorInvocationStmt] super(...) +# 75| 1: [ExprStmt] ; +# 75| 0: [AssignExpr] ...=... +# 75| 0: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 1: [VarAccess] +# 75| 2: [FieldDeclaration] Function0 ; +# 75| -1: [TypeAccess] Function0 +# 75| 0: [TypeAccess] Integer +# 75| 3: [Method] f +# 75| 3: [TypeAccess] int +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] invoke(...) +# 75| -1: [VarAccess] +# 75| -3: [TypeAccess] IntGetter +# 75| 0: [PropertyRefExpr] ...::... +# 75| -4: [AnonymousClass] new KProperty0(...) { ... } +# 75| 1: [Constructor] +#-----| 4: (Parameters) +# 75| 0: [Parameter] +# 75| 5: [BlockStmt] { ... } +# 75| 0: [SuperConstructorInvocationStmt] super(...) +# 75| 1: [ExprStmt] ; +# 75| 0: [AssignExpr] ...=... +# 75| 0: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 1: [VarAccess] +# 75| 2: [FieldDeclaration] PropertyRefsTest ; +# 75| -1: [TypeAccess] PropertyRefsTest +# 75| 3: [Method] get +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] getX(...) +# 75| -1: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 4: [Method] invoke +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] get(...) +# 75| -1: [ThisAccess] this +# 75| -3: [TypeAccess] KProperty0 +# 75| 0: [TypeAccess] Integer +# 75| 0: [VarAccess] prt +# 76| 1: [LocalVariableDeclStmt] var ...; +# 76| 1: [LocalVariableDeclExpr] test2 +# 76| 0: [CastExpr] (...)... +# 76| 0: [TypeAccess] PropertyRefsGetter +# 76| 1: [ClassInstanceExpr] new (...) +# 76| -4: [AnonymousClass] new PropertyRefsGetter(...) { ... } +# 76| 1: [Constructor] +#-----| 4: (Parameters) +# 76| 0: [Parameter] +# 76| 5: [BlockStmt] { ... } +# 76| 0: [SuperConstructorInvocationStmt] super(...) +# 76| 1: [ExprStmt] ; +# 76| 0: [AssignExpr] ...=... +# 76| 0: [VarAccess] this. +# 76| -1: [ThisAccess] this +# 76| 1: [VarAccess] +# 76| 2: [FieldDeclaration] Function1 ; +# 76| -1: [TypeAccess] Function1 +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 1: [TypeAccess] Integer +# 76| 3: [Method] f +# 76| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 76| 0: [Parameter] prt +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] invoke(...) +# 76| -1: [VarAccess] +# 76| 0: [VarAccess] prt +# 76| -3: [TypeAccess] PropertyRefsGetter +# 76| 0: [PropertyRefExpr] ...::... +# 76| -4: [AnonymousClass] new KProperty1(...) { ... } +# 76| 1: [Constructor] +# 76| 5: [BlockStmt] { ... } +# 76| 0: [SuperConstructorInvocationStmt] super(...) +# 76| 2: [Method] get +#-----| 4: (Parameters) +# 76| 0: [Parameter] a0 +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] getX(...) +# 76| -1: [VarAccess] a0 +# 76| 3: [Method] invoke +#-----| 4: (Parameters) +# 76| 0: [Parameter] a0 +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] get(...) +# 76| -1: [ThisAccess] this +# 76| 0: [VarAccess] a0 +# 76| -3: [TypeAccess] KProperty1 +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 1: [TypeAccess] Integer # 16| 2: [Interface] IntPredicate # 17| 1: [Method] accept # 17| 3: [TypeAccess] boolean @@ -6410,6 +6956,32 @@ samConversion.kt: # 54| 0: [TypeAccess] int # 54| 1: [Parameter] j # 54| 0: [TypeAccess] int +# 62| 8: [Class] PropertyRefsTest +# 62| 1: [Constructor] PropertyRefsTest +# 62| 5: [BlockStmt] { ... } +# 62| 0: [SuperConstructorInvocationStmt] super(...) +# 62| 1: [BlockStmt] { ... } +# 63| 0: [ExprStmt] ; +# 63| 0: [KtInitializerAssignExpr] ...=... +# 63| 0: [VarAccess] x +# 63| 2: [Method] getX +# 63| 3: [TypeAccess] int +# 63| 5: [BlockStmt] { ... } +# 63| 0: [ReturnStmt] return ... +# 63| 0: [VarAccess] this.x +# 63| -1: [ThisAccess] this +# 63| 3: [FieldDeclaration] int x; +# 63| -1: [TypeAccess] int +# 63| 0: [IntegerLiteral] 1 +# 66| 9: [Interface] PropertyRefsGetter +# 67| 1: [Method] f +# 67| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 67| 0: [Parameter] prt +# 67| 0: [TypeAccess] PropertyRefsTest +# 70| 10: [Interface] IntGetter +# 71| 1: [Method] f +# 71| 3: [TypeAccess] int whenExpr.kt: # 0| [CompilationUnit] whenExpr # 0| 1: [Class] WhenExprKt diff --git a/java/ql/test/kotlin/library-tests/exprs/binop.expected b/java/ql/test/kotlin/library-tests/exprs/binop.expected index 18f1d728036..b0003a5a3d9 100644 --- a/java/ql/test/kotlin/library-tests/exprs/binop.expected +++ b/java/ql/test/kotlin/library-tests/exprs/binop.expected @@ -2,6 +2,12 @@ | exprs.kt:13:14:13:18 | ... - ... | exprs.kt:13:14:13:14 | x | exprs.kt:13:18:13:18 | y | | exprs.kt:14:14:14:18 | ... / ... | exprs.kt:14:14:14:14 | x | exprs.kt:14:18:14:18 | y | | exprs.kt:15:14:15:18 | ... % ... | exprs.kt:15:14:15:14 | x | exprs.kt:15:18:15:18 | y | +| exprs.kt:16:14:16:20 | ... << ... | exprs.kt:16:14:16:14 | x | exprs.kt:16:20:16:20 | y | +| exprs.kt:17:14:17:20 | ... >> ... | exprs.kt:17:14:17:14 | x | exprs.kt:17:20:17:20 | y | +| exprs.kt:18:14:18:21 | ... >>> ... | exprs.kt:18:14:18:14 | x | exprs.kt:18:21:18:21 | y | +| exprs.kt:19:14:19:20 | ... & ... | exprs.kt:19:14:19:14 | x | exprs.kt:19:20:19:20 | y | +| exprs.kt:20:15:20:20 | ... \| ... | exprs.kt:20:15:20:15 | x | exprs.kt:20:20:20:20 | y | +| exprs.kt:21:15:21:21 | ... ^ ... | exprs.kt:21:15:21:15 | x | exprs.kt:21:21:21:21 | y | | exprs.kt:23:15:23:20 | ... (value equals) ... | exprs.kt:23:15:23:15 | x | exprs.kt:23:20:23:20 | y | | exprs.kt:24:15:24:20 | ... (value not-equals) ... | exprs.kt:24:15:24:15 | x | exprs.kt:24:20:24:20 | y | | exprs.kt:25:15:25:19 | ... < ... | exprs.kt:25:15:25:15 | x | exprs.kt:25:19:25:19 | y | @@ -38,6 +44,12 @@ | exprs.kt:64:14:64:20 | ... - ... | exprs.kt:64:14:64:15 | lx | exprs.kt:64:19:64:20 | ly | | exprs.kt:65:14:65:20 | ... / ... | exprs.kt:65:14:65:15 | lx | exprs.kt:65:19:65:20 | ly | | exprs.kt:66:14:66:20 | ... % ... | exprs.kt:66:14:66:15 | lx | exprs.kt:66:19:66:20 | ly | +| exprs.kt:67:14:67:21 | ... << ... | exprs.kt:67:14:67:15 | lx | exprs.kt:67:21:67:21 | y | +| exprs.kt:68:14:68:21 | ... >> ... | exprs.kt:68:14:68:15 | lx | exprs.kt:68:21:68:21 | y | +| exprs.kt:69:14:69:22 | ... >>> ... | exprs.kt:69:14:69:15 | lx | exprs.kt:69:22:69:22 | y | +| exprs.kt:70:14:70:22 | ... & ... | exprs.kt:70:14:70:15 | lx | exprs.kt:70:21:70:22 | ly | +| exprs.kt:71:15:71:22 | ... \| ... | exprs.kt:71:15:71:16 | lx | exprs.kt:71:21:71:22 | ly | +| exprs.kt:72:15:72:23 | ... ^ ... | exprs.kt:72:15:72:16 | lx | exprs.kt:72:22:72:23 | ly | | exprs.kt:74:15:74:22 | ... (value equals) ... | exprs.kt:74:15:74:16 | lx | exprs.kt:74:21:74:22 | ly | | exprs.kt:75:15:75:22 | ... (value not-equals) ... | exprs.kt:75:15:75:16 | lx | exprs.kt:75:21:75:22 | ly | | exprs.kt:76:15:76:21 | ... < ... | exprs.kt:76:15:76:16 | lx | exprs.kt:76:20:76:21 | ly | @@ -73,13 +85,12 @@ | exprs.kt:113:14:113:21 | ... && ... | exprs.kt:113:14:113:15 | b1 | exprs.kt:113:20:113:21 | b2 | | exprs.kt:114:14:114:21 | ... \|\| ... | exprs.kt:114:14:114:15 | b1 | exprs.kt:114:20:114:21 | b2 | | exprs.kt:127:31:127:41 | ... + ... | exprs.kt:127:31:127:34 | str1 | exprs.kt:127:38:127:41 | str2 | -| exprs.kt:127:50:127:60 | ... + ... | exprs.kt:127:50:127:53 | str2 | exprs.kt:127:57:127:60 | str1 | | exprs.kt:128:16:128:26 | ... + ... | exprs.kt:128:16:128:19 | str1 | exprs.kt:128:23:128:26 | str2 | | exprs.kt:131:12:131:23 | ... > ... | exprs.kt:131:12:131:19 | variable | exprs.kt:131:23:131:23 | 0 | | exprs.kt:135:12:135:20 | ... + ... | exprs.kt:135:12:135:14 | 123 | exprs.kt:135:18:135:20 | 456 | | exprs.kt:161:8:161:16 | ... (value not-equals) ... | exprs.kt:161:8:161:8 | r | exprs.kt:161:13:161:16 | null | | exprs.kt:190:31:190:37 | ... + ... | exprs.kt:190:31:190:32 | getA1(...) | exprs.kt:190:36:190:37 | a2 | -| exprs.kt:204:19:204:23 | ... + ... | exprs.kt:204:19:204:19 | s | exprs.kt:204:23:204:23 | 5 | +| exprs.kt:205:23:205:29 | ... + ... | exprs.kt:205:20:205:21 | ...!! | exprs.kt:205:28:205:28 | 5 | | exprs.kt:206:19:206:25 | ... + ... | exprs.kt:206:20:206:21 | ...!! | exprs.kt:206:25:206:25 | 5 | | exprs.kt:224:12:224:47 | ... (value equals) ... | exprs.kt:224:12:224:27 | notNullPrimitive | exprs.kt:224:32:224:47 | notNullPrimitive | | exprs.kt:225:12:225:48 | ... (value equals) ... | exprs.kt:225:12:225:27 | notNullPrimitive | exprs.kt:225:32:225:48 | nullablePrimitive | diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.expected b/java/ql/test/kotlin/library-tests/exprs/exprs.expected index f32f421a8fd..1b3e8dc9272 100644 --- a/java/ql/test/kotlin/library-tests/exprs/exprs.expected +++ b/java/ql/test/kotlin/library-tests/exprs/exprs.expected @@ -924,31 +924,31 @@ | exprs.kt:15:18:15:18 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:16:5:16:20 | i6 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:16:14:16:14 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:16:14:16:20 | shl(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:16:14:16:20 | ... << ... | exprs.kt:4:1:136:1 | topLevelMethod | LShiftExpr | | exprs.kt:16:20:16:20 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:17:5:17:20 | i7 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:17:14:17:14 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:17:14:17:20 | shr(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:17:14:17:20 | ... >> ... | exprs.kt:4:1:136:1 | topLevelMethod | RShiftExpr | | exprs.kt:17:20:17:20 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:18:5:18:21 | i8 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:18:14:18:14 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:18:14:18:21 | ushr(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:18:14:18:21 | ... >>> ... | exprs.kt:4:1:136:1 | topLevelMethod | URShiftExpr | | exprs.kt:18:21:18:21 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:19:5:19:20 | i9 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:19:14:19:14 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:19:14:19:20 | and(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:19:14:19:20 | ... & ... | exprs.kt:4:1:136:1 | topLevelMethod | AndBitwiseExpr | | exprs.kt:19:20:19:20 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:20:5:20:20 | i10 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:20:15:20:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:20:15:20:20 | or(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:20:15:20:20 | ... \| ... | exprs.kt:4:1:136:1 | topLevelMethod | OrBitwiseExpr | | exprs.kt:20:20:20:20 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:21:5:21:21 | i11 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:21:15:21:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:21:15:21:21 | xor(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:21:15:21:21 | ... ^ ... | exprs.kt:4:1:136:1 | topLevelMethod | XorBitwiseExpr | | exprs.kt:21:21:21:21 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:22:5:22:21 | i12 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:22:15:22:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:22:17:22:21 | inv(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:22:17:22:21 | ~... | exprs.kt:4:1:136:1 | topLevelMethod | BitNotExpr | | exprs.kt:23:5:23:20 | i13 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:23:15:23:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:23:15:23:20 | ... (value equals) ... | exprs.kt:4:1:136:1 | topLevelMethod | ValueEQExpr | @@ -989,8 +989,8 @@ | exprs.kt:31:25:31:25 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:32:5:32:26 | i22 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:32:15:32:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | +| exprs.kt:32:15:32:26 | !... | exprs.kt:4:1:136:1 | topLevelMethod | LogNotExpr | | exprs.kt:32:15:32:26 | contains(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | -| exprs.kt:32:15:32:26 | not(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | | exprs.kt:32:21:32:21 | x | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:32:21:32:26 | rangeTo(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | | exprs.kt:32:26:32:26 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | @@ -1138,31 +1138,31 @@ | exprs.kt:66:19:66:20 | ly | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:67:5:67:21 | l6 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:67:14:67:15 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:67:14:67:21 | shl(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:67:14:67:21 | ... << ... | exprs.kt:4:1:136:1 | topLevelMethod | LShiftExpr | | exprs.kt:67:21:67:21 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:68:5:68:21 | l7 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:68:14:68:15 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:68:14:68:21 | shr(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:68:14:68:21 | ... >> ... | exprs.kt:4:1:136:1 | topLevelMethod | RShiftExpr | | exprs.kt:68:21:68:21 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:69:5:69:22 | l8 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:69:14:69:15 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:69:14:69:22 | ushr(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:69:14:69:22 | ... >>> ... | exprs.kt:4:1:136:1 | topLevelMethod | URShiftExpr | | exprs.kt:69:22:69:22 | y | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:70:5:70:22 | l9 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:70:14:70:15 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:70:14:70:22 | and(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:70:14:70:22 | ... & ... | exprs.kt:4:1:136:1 | topLevelMethod | AndBitwiseExpr | | exprs.kt:70:21:70:22 | ly | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:71:5:71:22 | l10 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:71:15:71:16 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:71:15:71:22 | or(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:71:15:71:22 | ... \| ... | exprs.kt:4:1:136:1 | topLevelMethod | OrBitwiseExpr | | exprs.kt:71:21:71:22 | ly | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:72:5:72:23 | l11 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:72:15:72:16 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:72:15:72:23 | xor(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:72:15:72:23 | ... ^ ... | exprs.kt:4:1:136:1 | topLevelMethod | XorBitwiseExpr | | exprs.kt:72:22:72:23 | ly | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:73:5:73:22 | l12 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:73:15:73:16 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:73:18:73:22 | inv(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:73:18:73:22 | ~... | exprs.kt:4:1:136:1 | topLevelMethod | BitNotExpr | | exprs.kt:74:5:74:22 | l13 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:74:15:74:16 | lx | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:74:15:74:22 | ... (value equals) ... | exprs.kt:4:1:136:1 | topLevelMethod | ValueEQExpr | @@ -1308,7 +1308,7 @@ | exprs.kt:114:14:114:21 | ... \|\| ... | exprs.kt:4:1:136:1 | topLevelMethod | OrLogicalExpr | | exprs.kt:114:20:114:21 | b2 | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:115:5:115:16 | b5 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | -| exprs.kt:115:14:115:16 | not(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | +| exprs.kt:115:14:115:16 | !... | exprs.kt:4:1:136:1 | topLevelMethod | LogNotExpr | | exprs.kt:115:15:115:16 | b1 | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:117:5:117:15 | c | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | | exprs.kt:117:13:117:15 | x | exprs.kt:4:1:136:1 | topLevelMethod | CharacterLiteral | @@ -1349,7 +1349,8 @@ | exprs.kt:127:38:127:41 | str2 | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:127:43:127:47 | bar | exprs.kt:4:1:136:1 | topLevelMethod | StringLiteral | | exprs.kt:127:50:127:53 | str2 | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | -| exprs.kt:127:50:127:60 | ... + ... | exprs.kt:4:1:136:1 | topLevelMethod | AddExpr | +| exprs.kt:127:50:127:60 | Intrinsics | exprs.kt:4:1:136:1 | topLevelMethod | TypeAccess | +| exprs.kt:127:50:127:60 | stringPlus(...) | exprs.kt:4:1:136:1 | topLevelMethod | MethodAccess | | exprs.kt:127:57:127:60 | str1 | exprs.kt:4:1:136:1 | topLevelMethod | VarAccess | | exprs.kt:127:62:127:65 | baz | exprs.kt:4:1:136:1 | topLevelMethod | StringLiteral | | exprs.kt:128:5:128:26 | str6 | exprs.kt:4:1:136:1 | topLevelMethod | LocalVariableDeclExpr | @@ -1554,12 +1555,13 @@ | exprs.kt:203:26:203:26 | 5 | exprs.kt:200:5:211:5 | x | IntegerLiteral | | exprs.kt:204:9:204:23 | b1 | exprs.kt:200:5:211:5 | x | LocalVariableDeclExpr | | exprs.kt:204:19:204:19 | s | exprs.kt:200:5:211:5 | x | VarAccess | -| exprs.kt:204:19:204:23 | ... + ... | exprs.kt:200:5:211:5 | x | AddExpr | +| exprs.kt:204:19:204:23 | Intrinsics | exprs.kt:200:5:211:5 | x | TypeAccess | +| exprs.kt:204:19:204:23 | stringPlus(...) | exprs.kt:200:5:211:5 | x | MethodAccess | | exprs.kt:204:23:204:23 | 5 | exprs.kt:200:5:211:5 | x | IntegerLiteral | | exprs.kt:205:9:205:29 | b2 | exprs.kt:200:5:211:5 | x | LocalVariableDeclExpr | | exprs.kt:205:19:205:19 | s | exprs.kt:200:5:211:5 | x | VarAccess | | exprs.kt:205:20:205:21 | ...!! | exprs.kt:200:5:211:5 | x | NotNullExpr | -| exprs.kt:205:23:205:29 | plus(...) | exprs.kt:200:5:211:5 | x | MethodAccess | +| exprs.kt:205:23:205:29 | ... + ... | exprs.kt:200:5:211:5 | x | AddExpr | | exprs.kt:205:28:205:28 | 5 | exprs.kt:200:5:211:5 | x | IntegerLiteral | | exprs.kt:206:9:206:25 | b3 | exprs.kt:200:5:211:5 | x | LocalVariableDeclExpr | | exprs.kt:206:19:206:19 | s | exprs.kt:200:5:211:5 | x | VarAccess | @@ -1736,6 +1738,301 @@ | exprs.kt:276:5:276:26 | ExprsKt | exprs.kt:274:1:277:1 | callToEnumValues | TypeAccess | | exprs.kt:276:5:276:26 | Unit | exprs.kt:274:1:277:1 | callToEnumValues | TypeAccess | | exprs.kt:276:5:276:26 | getEnumValues(...) | exprs.kt:274:1:277:1 | callToEnumValues | MethodAccess | +| exprs.kt:279:1:340:1 | Unit | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:16:279:21 | int | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:24:279:32 | double | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:35:279:41 | byte | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:44:279:51 | short | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:54:279:60 | long | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:63:279:70 | float | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:280:5:280:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:280:5:280:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:280:5:280:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:280:6:280:6 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:281:5:281:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:281:5:281:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:281:5:281:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:281:6:281:6 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:282:5:282:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:282:5:282:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:282:5:282:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:282:6:282:6 | d | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:283:5:283:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:283:5:283:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:283:5:283:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:283:6:283:6 | d | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:284:5:284:14 | i0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:284:14:284:14 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:285:5:285:14 | i1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:285:14:285:14 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:286:5:286:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:286:5:286:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:286:5:286:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:286:5:286:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:5:287:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:287:5:287:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:287:5:287:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:287:5:287:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:287:7:287:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:288:5:288:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:288:5:288:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:288:5:288:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:288:5:288:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:5:289:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:289:5:289:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:289:5:289:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:289:5:289:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:289:7:289:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:290:5:290:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:290:8:290:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:290:8:290:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:290:8:290:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:291:5:291:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:291:8:291:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:291:8:291:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:291:8:291:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:292:5:292:6 | i1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:292:8:292:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:292:8:292:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:292:8:292:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:293:5:293:6 | i1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:293:8:293:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:293:8:293:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:293:8:293:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:294:5:294:5 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:294:7:294:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:294:7:294:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:294:7:294:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:296:5:296:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:296:5:296:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:296:5:296:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:296:6:296:6 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:297:5:297:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:297:5:297:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:297:5:297:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:297:6:297:6 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:298:5:298:20 | b0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:298:20:298:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:299:5:299:20 | b1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:299:20:299:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:300:5:300:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:300:5:300:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:300:5:300:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:300:5:300:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:300:5:300:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:5:301:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:301:5:301:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:301:5:301:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:301:5:301:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:301:7:301:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:302:5:302:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:302:5:302:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:302:5:302:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:302:5:302:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:5:303:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:303:5:303:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:303:5:303:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:303:5:303:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:303:7:303:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:304:5:304:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:304:8:304:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:304:8:304:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:304:8:304:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:305:5:305:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:305:8:305:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:305:8:305:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:305:8:305:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:306:5:306:6 | b1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:306:8:306:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:306:8:306:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:306:8:306:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:307:5:307:6 | b1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:307:8:307:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:307:8:307:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:307:8:307:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:308:5:308:5 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:308:7:308:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:308:7:308:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:308:7:308:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:310:5:310:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:310:5:310:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:310:5:310:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:310:6:310:6 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:311:5:311:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:311:5:311:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:311:5:311:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:311:6:311:6 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:312:5:312:21 | s0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:312:21:312:21 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:313:5:313:21 | s1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:313:21:313:21 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:314:5:314:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:314:5:314:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:314:5:314:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:314:5:314:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:314:5:314:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:5:315:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:315:5:315:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:315:5:315:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:315:5:315:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:315:7:315:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:316:5:316:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:316:5:316:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:316:5:316:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:316:5:316:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:5:317:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:317:5:317:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:317:5:317:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:317:5:317:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:317:7:317:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:318:5:318:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:318:8:318:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:318:8:318:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:318:8:318:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:319:5:319:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:319:8:319:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:319:8:319:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:319:8:319:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:320:5:320:6 | s1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:320:8:320:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:320:8:320:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:320:8:320:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:321:5:321:6 | s1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:321:8:321:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:321:8:321:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:321:8:321:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:322:5:322:5 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:322:7:322:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:322:7:322:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:322:7:322:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:324:5:324:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:324:5:324:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:324:5:324:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:324:6:324:6 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:325:5:325:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:325:5:325:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:325:5:325:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:325:6:325:6 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:326:5:326:20 | l0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:326:20:326:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | LongLiteral | +| exprs.kt:327:5:327:20 | l1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:327:20:327:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | LongLiteral | +| exprs.kt:328:5:328:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:328:5:328:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:328:5:328:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:328:5:328:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:328:5:328:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:5:329:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:329:5:329:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:329:5:329:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:329:5:329:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:329:7:329:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:330:5:330:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:330:5:330:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:330:5:330:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:330:5:330:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:5:331:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:331:5:331:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:331:5:331:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:331:5:331:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:331:7:331:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:332:5:332:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:332:8:332:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:332:8:332:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:332:8:332:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:333:5:333:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:333:8:333:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:333:8:333:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:333:8:333:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:334:5:334:6 | l1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:334:8:334:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:334:8:334:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:334:8:334:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:335:5:335:6 | l1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:335:8:335:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:335:8:335:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:335:8:335:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:336:5:336:5 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:336:7:336:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:336:7:336:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:336:7:336:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:338:5:338:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:338:5:338:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:338:5:338:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:338:6:338:6 | f | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:339:5:339:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:339:5:339:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:339:5:339:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:339:6:339:6 | f | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | | funcExprs.kt:1:1:1:46 | Unit | file://:0:0:0:0 | | TypeAccess | | funcExprs.kt:1:26:1:37 | Function0 | file://:0:0:0:0 | | TypeAccess | | funcExprs.kt:1:26:1:37 | Integer | file://:0:0:0:0 | | TypeAccess | @@ -2410,6 +2707,7 @@ | funcExprs.kt:38:5:38:39 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:38:26:38:34 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:38:26:38:34 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:38:26:38:38 | 0 | funcExprs.kt:38:26:38:38 | | IntegerLiteral | | funcExprs.kt:38:26:38:38 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:38:26:38:38 | ...=... | funcExprs.kt:38:26:38:38 | | AssignExpr | | funcExprs.kt:38:26:38:38 | | funcExprs.kt:38:26:38:38 | | VarAccess | @@ -2424,6 +2722,7 @@ | funcExprs.kt:39:5:39:37 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:39:5:39:37 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:39:26:39:32 | Companion | funcExprs.kt:21:1:52:1 | call | VarAccess | +| funcExprs.kt:39:26:39:36 | 0 | funcExprs.kt:39:26:39:36 | | IntegerLiteral | | funcExprs.kt:39:26:39:36 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:39:26:39:36 | ...=... | funcExprs.kt:39:26:39:36 | | AssignExpr | | funcExprs.kt:39:26:39:36 | | funcExprs.kt:39:26:39:36 | | VarAccess | @@ -2440,6 +2739,7 @@ | funcExprs.kt:40:26:40:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:40:29:40:37 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:40:29:40:37 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:40:29:40:41 | 1 | funcExprs.kt:40:29:40:41 | | IntegerLiteral | | funcExprs.kt:40:29:40:41 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:40:29:40:41 | ...=... | funcExprs.kt:40:29:40:41 | | AssignExpr | | funcExprs.kt:40:29:40:41 | | funcExprs.kt:40:29:40:41 | | VarAccess | @@ -2456,6 +2756,7 @@ | funcExprs.kt:41:5:41:40 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:41:5:41:40 | functionExpression1c(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:41:26:41:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:41:29:41:39 | 2 | funcExprs.kt:41:29:41:39 | | IntegerLiteral | | funcExprs.kt:41:29:41:39 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:41:29:41:39 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:41:29:41:39 | Function2 | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2468,6 +2769,7 @@ | funcExprs.kt:42:5:42:34 | functionExpression1a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:42:26:42:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:42:29:42:29 | 3 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:42:29:42:33 | 1 | funcExprs.kt:42:29:42:33 | | IntegerLiteral | | funcExprs.kt:42:29:42:33 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:42:29:42:33 | ...=... | funcExprs.kt:42:29:42:33 | | AssignExpr | | funcExprs.kt:42:29:42:33 | | funcExprs.kt:42:29:42:33 | | VarAccess | @@ -2485,6 +2787,7 @@ | funcExprs.kt:43:5:43:35 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:43:5:43:35 | functionExpression3(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:43:25:43:25 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:43:28:43:34 | 2 | funcExprs.kt:43:28:43:34 | | IntegerLiteral | | funcExprs.kt:43:28:43:34 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:43:28:43:34 | FuncExprsKt | funcExprs.kt:43:28:43:34 | invoke | TypeAccess | | funcExprs.kt:43:28:43:34 | Function2 | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2499,6 +2802,7 @@ | funcExprs.kt:44:26:44:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:44:29:44:37 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:44:29:44:37 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:44:29:44:42 | 22 | funcExprs.kt:44:29:44:42 | | IntegerLiteral | | funcExprs.kt:44:29:44:42 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:44:29:44:42 | ...=... | funcExprs.kt:44:29:44:42 | | AssignExpr | | funcExprs.kt:44:29:44:42 | | funcExprs.kt:44:29:44:42 | | VarAccess | @@ -2582,6 +2886,7 @@ | funcExprs.kt:45:29:45:42 | 20 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | | funcExprs.kt:45:29:45:42 | 21 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | | funcExprs.kt:45:29:45:42 | 22 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | +| funcExprs.kt:45:29:45:42 | 23 | funcExprs.kt:45:29:45:42 | | IntegerLiteral | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | @@ -2712,6 +3017,7 @@ | funcExprs.kt:46:30:46:41 | 21 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | | funcExprs.kt:46:30:46:41 | 22 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | | funcExprs.kt:46:30:46:41 | 23 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | +| funcExprs.kt:46:30:46:41 | 24 | funcExprs.kt:46:30:46:41 | | IntegerLiteral | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | @@ -2816,6 +3122,7 @@ | funcExprs.kt:48:24:48:24 | 5 | funcExprs.kt:48:5:48:24 | local | IntegerLiteral | | funcExprs.kt:49:5:49:33 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:49:5:49:33 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | +| funcExprs.kt:49:26:49:32 | 0 | funcExprs.kt:49:26:49:32 | | IntegerLiteral | | funcExprs.kt:49:26:49:32 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:49:26:49:32 | Function0 | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:49:26:49:32 | Integer | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2825,6 +3132,7 @@ | funcExprs.kt:51:5:51:17 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:5:51:17 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:5:51:17 | fn(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | +| funcExprs.kt:51:8:51:16 | 0 | funcExprs.kt:51:8:51:16 | | IntegerLiteral | | funcExprs.kt:51:8:51:16 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:51:8:51:16 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:8:51:16 | FuncRef | funcExprs.kt:51:8:51:16 | invoke | TypeAccess | @@ -3206,6 +3514,7 @@ | kFunctionInvoke.kt:7:18:7:26 | String | file://:0:0:0:0 | | TypeAccess | | kFunctionInvoke.kt:8:5:8:47 | toCall | kFunctionInvoke.kt:7:1:10:1 | useRef | LocalVariableDeclExpr | | kFunctionInvoke.kt:8:44:8:44 | a | kFunctionInvoke.kt:7:1:10:1 | useRef | VarAccess | +| kFunctionInvoke.kt:8:44:8:47 | 1 | kFunctionInvoke.kt:8:44:8:47 | | IntegerLiteral | | kFunctionInvoke.kt:8:44:8:47 | ...::... | kFunctionInvoke.kt:7:1:10:1 | useRef | MemberRefExpr | | kFunctionInvoke.kt:8:44:8:47 | ...=... | kFunctionInvoke.kt:8:44:8:47 | | AssignExpr | | kFunctionInvoke.kt:8:44:8:47 | | kFunctionInvoke.kt:8:44:8:47 | | VarAccess | @@ -3347,6 +3656,7 @@ | samConversion.kt:5:14:5:32 | new (...) | samConversion.kt:1:1:14:1 | main | ClassInstanceExpr | | samConversion.kt:5:14:5:32 | this | samConversion.kt:5:14:5:32 | | ThisAccess | | samConversion.kt:5:14:5:32 | this. | samConversion.kt:5:14:5:32 | | VarAccess | +| samConversion.kt:5:27:5:31 | 2 | samConversion.kt:5:27:5:31 | | IntegerLiteral | | samConversion.kt:5:27:5:31 | ...::... | samConversion.kt:1:1:14:1 | main | MemberRefExpr | | samConversion.kt:5:27:5:31 | Function2 | samConversion.kt:1:1:14:1 | main | TypeAccess | | samConversion.kt:5:27:5:31 | Integer | samConversion.kt:1:1:14:1 | main | TypeAccess | @@ -3515,6 +3825,7 @@ | samConversion.kt:41:13:41:16 | 20 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | | samConversion.kt:41:13:41:16 | 21 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | | samConversion.kt:41:13:41:16 | 22 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | +| samConversion.kt:41:13:41:16 | 23 | samConversion.kt:41:13:41:16 | | IntegerLiteral | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | @@ -3951,6 +4262,72 @@ | samConversion.kt:59:8:59:15 | fn1(...) | samConversion.kt:57:9:60:1 | test | MethodAccess | | samConversion.kt:59:12:59:12 | 1 | samConversion.kt:57:9:60:1 | test | IntegerLiteral | | samConversion.kt:59:14:59:14 | 2 | samConversion.kt:57:9:60:1 | test | IntegerLiteral | +| samConversion.kt:63:5:63:13 | ...=... | samConversion.kt:62:1:64:1 | PropertyRefsTest | KtInitializerAssignExpr | +| samConversion.kt:63:5:63:13 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:63:5:63:13 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:63:5:63:13 | this | samConversion.kt:63:5:63:13 | getX | ThisAccess | +| samConversion.kt:63:5:63:13 | this.x | samConversion.kt:63:5:63:13 | getX | VarAccess | +| samConversion.kt:63:5:63:13 | x | samConversion.kt:62:1:64:1 | PropertyRefsTest | VarAccess | +| samConversion.kt:63:13:63:13 | 1 | samConversion.kt:62:1:64:1 | PropertyRefsTest | IntegerLiteral | +| samConversion.kt:67:5:67:37 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:67:11:67:31 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:71:5:71:16 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:74:1:77:1 | Unit | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:74:22:74:42 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:5:75:33 | test1 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr | +| samConversion.kt:75:17:75:33 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr | +| samConversion.kt:75:17:75:33 | ...=... | samConversion.kt:75:17:75:33 | | AssignExpr | +| samConversion.kt:75:17:75:33 | | samConversion.kt:75:17:75:33 | | VarAccess | +| samConversion.kt:75:17:75:33 | | samConversion.kt:75:17:75:33 | f | VarAccess | +| samConversion.kt:75:17:75:33 | Function0 | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | IntGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:17:75:33 | IntGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:17:75:33 | Integer | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | invoke(...) | samConversion.kt:75:17:75:33 | f | MethodAccess | +| samConversion.kt:75:17:75:33 | new (...) | samConversion.kt:74:1:77:1 | propertyRefsTest | ClassInstanceExpr | +| samConversion.kt:75:17:75:33 | this | samConversion.kt:75:17:75:33 | | ThisAccess | +| samConversion.kt:75:17:75:33 | this. | samConversion.kt:75:17:75:33 | | VarAccess | +| samConversion.kt:75:27:75:29 | prt | samConversion.kt:74:1:77:1 | propertyRefsTest | VarAccess | +| samConversion.kt:75:27:75:32 | ...::... | samConversion.kt:74:1:77:1 | propertyRefsTest | PropertyRefExpr | +| samConversion.kt:75:27:75:32 | ...=... | samConversion.kt:75:27:75:32 | | AssignExpr | +| samConversion.kt:75:27:75:32 | | samConversion.kt:75:27:75:32 | | VarAccess | +| samConversion.kt:75:27:75:32 | Integer | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:27:75:32 | KProperty0 | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:27:75:32 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:27:75:32 | get(...) | samConversion.kt:75:27:75:32 | invoke | MethodAccess | +| samConversion.kt:75:27:75:32 | getX(...) | samConversion.kt:75:27:75:32 | get | MethodAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | | ThisAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | get | ThisAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | invoke | ThisAccess | +| samConversion.kt:75:27:75:32 | this. | samConversion.kt:75:27:75:32 | | VarAccess | +| samConversion.kt:75:27:75:32 | this. | samConversion.kt:75:27:75:32 | get | VarAccess | +| samConversion.kt:76:5:76:55 | test2 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr | +| samConversion.kt:76:17:76:55 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr | +| samConversion.kt:76:17:76:55 | ...=... | samConversion.kt:76:17:76:55 | | AssignExpr | +| samConversion.kt:76:17:76:55 | | samConversion.kt:76:17:76:55 | | VarAccess | +| samConversion.kt:76:17:76:55 | | samConversion.kt:76:17:76:55 | f | VarAccess | +| samConversion.kt:76:17:76:55 | Function1 | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | Integer | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | invoke(...) | samConversion.kt:76:17:76:55 | f | MethodAccess | +| samConversion.kt:76:17:76:55 | new (...) | samConversion.kt:74:1:77:1 | propertyRefsTest | ClassInstanceExpr | +| samConversion.kt:76:17:76:55 | prt | samConversion.kt:76:17:76:55 | f | VarAccess | +| samConversion.kt:76:17:76:55 | this | samConversion.kt:76:17:76:55 | | ThisAccess | +| samConversion.kt:76:17:76:55 | this. | samConversion.kt:76:17:76:55 | | VarAccess | +| samConversion.kt:76:36:76:54 | ...::... | samConversion.kt:74:1:77:1 | propertyRefsTest | PropertyRefExpr | +| samConversion.kt:76:36:76:54 | Integer | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | KProperty1 | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | PropertyRefsTest | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | a0 | samConversion.kt:76:36:76:54 | get | VarAccess | +| samConversion.kt:76:36:76:54 | a0 | samConversion.kt:76:36:76:54 | invoke | VarAccess | +| samConversion.kt:76:36:76:54 | get(...) | samConversion.kt:76:36:76:54 | invoke | MethodAccess | +| samConversion.kt:76:36:76:54 | getX(...) | samConversion.kt:76:36:76:54 | get | MethodAccess | +| samConversion.kt:76:36:76:54 | this | samConversion.kt:76:36:76:54 | invoke | ThisAccess | | whenExpr.kt:1:1:9:1 | int | file://:0:0:0:0 | | TypeAccess | | whenExpr.kt:1:14:1:19 | int | file://:0:0:0:0 | | TypeAccess | | whenExpr.kt:2:10:8:3 | | whenExpr.kt:1:1:9:1 | testWhen | StmtExpr | diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.kt b/java/ql/test/kotlin/library-tests/exprs/exprs.kt index bd401f30e21..94d4954a3e0 100644 --- a/java/ql/test/kotlin/library-tests/exprs/exprs.kt +++ b/java/ql/test/kotlin/library-tests/exprs/exprs.kt @@ -1,6 +1,6 @@ import java.awt.Polygon import java.awt.Rectangle - +import kotlin.experimental.inv fun topLevelMethod(x: Int, y: Int, byx: Byte, byy: Byte, sx: Short, sy: Short, @@ -275,3 +275,66 @@ fun callToEnumValues() { enumValues() getEnumValues() } + +fun unaryExprs(i: Int, d: Double, b: Byte, s: Short, l: Long, f: Float) { + -i + +i + -d + +d + var i0 = 1 + val i1 = 1 + i0++ + ++i0 + i0-- + --i0 + i0.inc() + i0.dec() + i1.inc() + i1.dec() + i.inv() + + -b + +b + var b0: Byte = 1 + val b1: Byte = 1 + b0++ + ++b0 + b0-- + --b0 + b0.inc() + b0.dec() + b1.inc() + b1.dec() + b.inv() + + -s + +s + var s0: Short = 1 + val s1: Short = 1 + s0++ + ++s0 + s0-- + --s0 + s0.inc() + s0.dec() + s1.inc() + s1.dec() + s.inv() + + -l + +l + var l0: Long = 1 + val l1: Long = 1 + l0++ + ++l0 + l0-- + --l0 + l0.inc() + l0.dec() + l1.inc() + l1.dec() + l.inv() + + +f + -f +} diff --git a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected index 8b4da235ba0..250829dd507 100644 --- a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected +++ b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected @@ -42,7 +42,7 @@ memberRefExprs | kFunctionInvoke.kt:8:44:8:47 | ...::... | kFunctionInvoke.kt:8:44:8:47 | invoke | invoke(java.lang.String) | kFunctionInvoke.kt:8:44:8:47 | new Function1(...) { ... } | | samConversion.kt:5:27:5:31 | ...::... | samConversion.kt:5:27:5:31 | invoke | invoke(int,int) | samConversion.kt:5:27:5:31 | new Function2(...) { ... } | | samConversion.kt:41:13:41:16 | ...::... | samConversion.kt:41:13:41:16 | invoke | invoke(java.lang.Object[]) | samConversion.kt:41:13:41:16 | new FunctionN(...) { ... } | -modifiers +lambda_modifiers | delegatedProperties.kt:6:32:9:9 | ...->... | delegatedProperties.kt:6:32:9:9 | invoke | override, public | | funcExprs.kt:22:26:22:33 | ...->... | funcExprs.kt:22:26:22:33 | invoke | override, public | | funcExprs.kt:23:26:23:33 | ...->... | funcExprs.kt:23:26:23:33 | invoke | override, public | @@ -74,6 +74,179 @@ modifiers | samConversion.kt:43:31:45:68 | ...->... | samConversion.kt:43:31:45:68 | invoke | public | | samConversion.kt:46:32:46:44 | ...->... | samConversion.kt:46:32:46:44 | invoke | override, public | | samConversion.kt:58:30:58:45 | ...->... | samConversion.kt:58:30:58:45 | invoke | override, public, suspend | +anon_class_member_modifiers +| delegatedProperties.kt:6:24:9:9 | new KProperty0(...) { ... } | delegatedProperties.kt:6:24:9:9 | get | override, public | +| delegatedProperties.kt:6:24:9:9 | new KProperty0(...) { ... } | delegatedProperties.kt:6:24:9:9 | invoke | override, public | +| delegatedProperties.kt:6:32:9:9 | new Function0(...) { ... } | delegatedProperties.kt:6:32:9:9 | invoke | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | get | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | get | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | invoke | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | invoke | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | set | override, public | +| delegatedProperties.kt:19:31:19:51 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:19:31:19:51 | set | override, public | +| delegatedProperties.kt:23:26:23:31 | new KProperty0(...) { ... } | delegatedProperties.kt:23:26:23:31 | get | override, public | +| delegatedProperties.kt:23:26:23:31 | new KProperty0(...) { ... } | delegatedProperties.kt:23:26:23:31 | invoke | override, public | +| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty(...) { ... } | delegatedProperties.kt:26:13:26:28 | getCurValue | public | +| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty(...) { ... } | delegatedProperties.kt:26:13:26:28 | setCurValue | public | +| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty(...) { ... } | delegatedProperties.kt:27:22:27:88 | getValue | override, public | +| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty(...) { ... } | delegatedProperties.kt:28:22:30:13 | setValue | override, public | +| delegatedProperties.kt:33:27:33:47 | new KProperty0(...) { ... } | delegatedProperties.kt:33:27:33:47 | get | override, public | +| delegatedProperties.kt:33:27:33:47 | new KProperty0(...) { ... } | delegatedProperties.kt:33:27:33:47 | invoke | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | get | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | get | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | invoke | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | invoke | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | set | override, public | +| delegatedProperties.kt:34:28:34:48 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:34:28:34:48 | set | override, public | +| delegatedProperties.kt:39:31:39:51 | new KProperty0(...) { ... } | delegatedProperties.kt:39:31:39:51 | get | override, public | +| delegatedProperties.kt:39:31:39:51 | new KProperty0(...) { ... } | delegatedProperties.kt:39:31:39:51 | get | override, public | +| delegatedProperties.kt:39:31:39:51 | new KProperty0(...) { ... } | delegatedProperties.kt:39:31:39:51 | invoke | override, public | +| delegatedProperties.kt:39:31:39:51 | new KProperty0(...) { ... } | delegatedProperties.kt:39:31:39:51 | invoke | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | get | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | get | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | invoke | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | invoke | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | set | override, public | +| delegatedProperties.kt:42:27:42:47 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:42:27:42:47 | set | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | get | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | get | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | invoke | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | invoke | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | set | override, public | +| delegatedProperties.kt:66:33:66:50 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:66:33:66:50 | set | override, public | +| delegatedProperties.kt:66:36:66:50 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:66:36:66:50 | get | override, public | +| delegatedProperties.kt:66:36:66:50 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:66:36:66:50 | invoke | override, public | +| delegatedProperties.kt:66:36:66:50 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:66:36:66:50 | set | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | get | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | get | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | invoke | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | invoke | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | set | override, public | +| delegatedProperties.kt:67:33:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:33:67:53 | set | override, public | +| delegatedProperties.kt:67:36:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:36:67:53 | get | override, public | +| delegatedProperties.kt:67:36:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:36:67:53 | invoke | override, public | +| delegatedProperties.kt:67:36:67:53 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:67:36:67:53 | set | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | get | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | get | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | invoke | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | invoke | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | set | override, public | +| delegatedProperties.kt:69:36:69:56 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:69:36:69:56 | set | override, public | +| delegatedProperties.kt:69:39:69:56 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:69:39:69:56 | get | override, public | +| delegatedProperties.kt:69:39:69:56 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:69:39:69:56 | invoke | override, public | +| delegatedProperties.kt:69:39:69:56 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:69:39:69:56 | set | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | get | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | get | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | invoke | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | invoke | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | set | override, public | +| delegatedProperties.kt:70:36:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:36:70:59 | set | override, public | +| delegatedProperties.kt:70:39:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:39:70:59 | get | override, public | +| delegatedProperties.kt:70:39:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:39:70:59 | invoke | override, public | +| delegatedProperties.kt:70:39:70:59 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:70:39:70:59 | set | override, public | +| delegatedProperties.kt:72:36:72:56 | new KProperty1(...) { ... } | delegatedProperties.kt:72:36:72:56 | get | override, public | +| delegatedProperties.kt:72:36:72:56 | new KProperty1(...) { ... } | delegatedProperties.kt:72:36:72:56 | invoke | override, public | +| delegatedProperties.kt:72:39:72:56 | new KProperty0(...) { ... } | delegatedProperties.kt:72:39:72:56 | get | override, public | +| delegatedProperties.kt:72:39:72:56 | new KProperty0(...) { ... } | delegatedProperties.kt:72:39:72:56 | invoke | override, public | +| delegatedProperties.kt:73:36:73:56 | new KProperty1(...) { ... } | delegatedProperties.kt:73:36:73:56 | get | override, public | +| delegatedProperties.kt:73:36:73:56 | new KProperty1(...) { ... } | delegatedProperties.kt:73:36:73:56 | invoke | override, public | +| delegatedProperties.kt:73:39:73:56 | new KProperty1(...) { ... } | delegatedProperties.kt:73:39:73:56 | get | override, public | +| delegatedProperties.kt:73:39:73:56 | new KProperty1(...) { ... } | delegatedProperties.kt:73:39:73:56 | invoke | override, public | +| delegatedProperties.kt:75:39:75:78 | new KProperty1(...) { ... } | delegatedProperties.kt:75:39:75:78 | get | override, public | +| delegatedProperties.kt:75:39:75:78 | new KProperty1(...) { ... } | delegatedProperties.kt:75:39:75:78 | invoke | override, public | +| delegatedProperties.kt:75:42:75:78 | new KProperty0(...) { ... } | delegatedProperties.kt:75:42:75:78 | get | override, public | +| delegatedProperties.kt:75:42:75:78 | new KProperty0(...) { ... } | delegatedProperties.kt:75:42:75:78 | invoke | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | get | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | get | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | invoke | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | invoke | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | set | override, public | +| delegatedProperties.kt:77:34:77:49 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:77:34:77:49 | set | override, public | +| delegatedProperties.kt:77:37:77:49 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:77:37:77:49 | get | override, public | +| delegatedProperties.kt:77:37:77:49 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:77:37:77:49 | invoke | override, public | +| delegatedProperties.kt:77:37:77:49 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:77:37:77:49 | set | override, public | +| delegatedProperties.kt:79:18:79:38 | new KProperty1(...) { ... } | delegatedProperties.kt:79:18:79:38 | get | override, public | +| delegatedProperties.kt:79:18:79:38 | new KProperty1(...) { ... } | delegatedProperties.kt:79:18:79:38 | invoke | override, public | +| delegatedProperties.kt:79:21:79:38 | new KProperty0(...) { ... } | delegatedProperties.kt:79:21:79:38 | get | override, public | +| delegatedProperties.kt:79:21:79:38 | new KProperty0(...) { ... } | delegatedProperties.kt:79:21:79:38 | invoke | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | get | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | get | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | invoke | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | invoke | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | set | override, public | +| delegatedProperties.kt:82:37:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:37:82:54 | set | override, public | +| delegatedProperties.kt:82:40:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:40:82:54 | get | override, public | +| delegatedProperties.kt:82:40:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:40:82:54 | invoke | override, public | +| delegatedProperties.kt:82:40:82:54 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:82:40:82:54 | set | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | get | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | get | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | invoke | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | invoke | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | set | override, public | +| delegatedProperties.kt:87:31:87:46 | new KMutableProperty1(...) { ... } | delegatedProperties.kt:87:31:87:46 | set | override, public | +| delegatedProperties.kt:87:34:87:46 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:87:34:87:46 | get | override, public | +| delegatedProperties.kt:87:34:87:46 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:87:34:87:46 | invoke | override, public | +| delegatedProperties.kt:87:34:87:46 | new KMutableProperty0(...) { ... } | delegatedProperties.kt:87:34:87:46 | set | override, public | +| exprs.kt:189:16:191:9 | new Interface1(...) { ... } | exprs.kt:190:13:190:49 | getA3 | public | +| funcExprs.kt:22:26:22:33 | new Function0(...) { ... } | funcExprs.kt:22:26:22:33 | invoke | override, public | +| funcExprs.kt:23:26:23:33 | new Function0(...) { ... } | funcExprs.kt:23:26:23:33 | invoke | override, public | +| funcExprs.kt:24:26:24:33 | new Function0(...) { ... } | funcExprs.kt:24:26:24:33 | invoke | override, public | +| funcExprs.kt:25:29:25:38 | new Function1(...) { ... } | funcExprs.kt:25:29:25:38 | invoke | override, public | +| funcExprs.kt:26:29:26:34 | new Function1(...) { ... } | funcExprs.kt:26:29:26:34 | invoke | override, public | +| funcExprs.kt:27:29:27:42 | new Function1(...) { ... } | funcExprs.kt:27:29:27:42 | invoke | override, public | +| funcExprs.kt:29:29:29:37 | new Function1(...) { ... } | funcExprs.kt:29:29:29:37 | invoke | override, public | +| funcExprs.kt:30:28:30:50 | new Function2(...) { ... } | funcExprs.kt:30:28:30:50 | invoke | override, public | +| funcExprs.kt:31:28:31:40 | new Function2(...) { ... } | funcExprs.kt:31:28:31:40 | invoke | override, public | +| funcExprs.kt:32:28:32:44 | new Function2(...) { ... } | funcExprs.kt:32:28:32:44 | invoke | override, public | +| funcExprs.kt:33:28:33:51 | new Function1>(...) { ... } | funcExprs.kt:33:28:33:51 | invoke | override, public | +| funcExprs.kt:33:37:33:47 | new Function1(...) { ... } | funcExprs.kt:33:37:33:47 | invoke | override, public | +| funcExprs.kt:35:29:35:112 | new Function22(...) { ... } | funcExprs.kt:35:29:35:112 | invoke | override, public | +| funcExprs.kt:36:29:36:117 | new FunctionN(...) { ... } | funcExprs.kt:36:29:36:117 | invoke | override, public | +| funcExprs.kt:36:29:36:117 | new FunctionN(...) { ... } | funcExprs.kt:36:29:36:117 | invoke | public | +| funcExprs.kt:38:26:38:38 | new Function0(...) { ... } | funcExprs.kt:38:26:38:38 | invoke | override, public | +| funcExprs.kt:39:26:39:36 | new Function0(...) { ... } | funcExprs.kt:39:26:39:36 | invoke | override, public | +| funcExprs.kt:40:29:40:41 | new Function1(...) { ... } | funcExprs.kt:40:29:40:41 | invoke | override, public | +| funcExprs.kt:41:29:41:39 | new Function2(...) { ... } | funcExprs.kt:41:29:41:39 | invoke | override, public | +| funcExprs.kt:42:29:42:33 | new Function1(...) { ... } | funcExprs.kt:42:29:42:33 | invoke | override, public | +| funcExprs.kt:43:28:43:34 | new Function2(...) { ... } | funcExprs.kt:43:28:43:34 | invoke | override, public | +| funcExprs.kt:44:29:44:42 | new Function22(...) { ... } | funcExprs.kt:44:29:44:42 | invoke | override, public | +| funcExprs.kt:45:29:45:42 | new FunctionN(...) { ... } | funcExprs.kt:45:29:45:42 | invoke | override, public | +| funcExprs.kt:46:30:46:41 | new FunctionN(...) { ... } | funcExprs.kt:46:30:46:41 | invoke | override, public | +| funcExprs.kt:49:26:49:32 | new Function0(...) { ... } | funcExprs.kt:49:26:49:32 | invoke | override, public | +| funcExprs.kt:51:8:51:16 | new Function0(...) { ... } | funcExprs.kt:51:8:51:16 | invoke | override, public | +| funcExprs.kt:75:12:75:22 | new Function1>,String>(...) { ... } | funcExprs.kt:75:12:75:22 | invoke | override, public | +| funcExprs.kt:83:31:83:51 | new Function1(...) { ... } | funcExprs.kt:83:31:83:51 | invoke | override, public | +| funcExprs.kt:86:39:86:59 | new Function1(...) { ... } | funcExprs.kt:86:39:86:59 | invoke | override, public, suspend | +| funcExprs.kt:90:15:90:69 | new FunctionN(...) { ... } | funcExprs.kt:90:15:90:69 | invoke | override, public | +| funcExprs.kt:90:15:90:69 | new FunctionN(...) { ... } | funcExprs.kt:90:15:90:69 | invoke | public | +| funcExprs.kt:94:15:94:67 | new Function22(...) { ... } | funcExprs.kt:94:15:94:67 | invoke | override, public, suspend | +| kFunctionInvoke.kt:8:44:8:47 | new Function1(...) { ... } | kFunctionInvoke.kt:8:44:8:47 | invoke | override, public | +| samConversion.kt:2:18:2:45 | new IntPredicate(...) { ... } | samConversion.kt:2:18:2:45 | accept | override, public | +| samConversion.kt:2:31:2:45 | new Function1(...) { ... } | samConversion.kt:2:31:2:45 | invoke | override, public | +| samConversion.kt:4:14:4:42 | new InterfaceFn1(...) { ... } | samConversion.kt:4:14:4:42 | fn1 | override, public | +| samConversion.kt:4:27:4:42 | new Function2(...) { ... } | samConversion.kt:4:27:4:42 | invoke | override, public | +| samConversion.kt:5:14:5:32 | new InterfaceFn1(...) { ... } | samConversion.kt:5:14:5:32 | fn1 | override, public | +| samConversion.kt:5:27:5:31 | new Function2(...) { ... } | samConversion.kt:5:27:5:31 | invoke | override, public | +| samConversion.kt:7:13:7:46 | new InterfaceFnExt1(...) { ... } | samConversion.kt:7:13:7:46 | ext | override, public | +| samConversion.kt:7:29:7:46 | new Function2(...) { ... } | samConversion.kt:7:29:7:46 | invoke | override, public | +| samConversion.kt:9:13:13:6 | new IntPredicate(...) { ... } | samConversion.kt:9:13:13:6 | accept | override, public | +| samConversion.kt:9:33:11:5 | new Function1(...) { ... } | samConversion.kt:9:33:11:5 | invoke | override, public | +| samConversion.kt:11:12:13:5 | new Function1(...) { ... } | samConversion.kt:11:12:13:5 | invoke | override, public | +| samConversion.kt:41:13:41:16 | new FunctionN(...) { ... } | samConversion.kt:41:13:41:16 | invoke | override, public | +| samConversion.kt:42:13:42:32 | new BigArityPredicate(...) { ... } | samConversion.kt:42:13:42:32 | accept | override, public | +| samConversion.kt:43:13:45:68 | new BigArityPredicate(...) { ... } | samConversion.kt:43:13:45:68 | accept | override, public | +| samConversion.kt:43:31:45:68 | new FunctionN(...) { ... } | samConversion.kt:43:31:45:68 | invoke | override, public | +| samConversion.kt:43:31:45:68 | new FunctionN(...) { ... } | samConversion.kt:43:31:45:68 | invoke | public | +| samConversion.kt:46:13:46:44 | new SomePredicate(...) { ... } | samConversion.kt:46:13:46:44 | fn | override, public | +| samConversion.kt:46:32:46:44 | new Function1(...) { ... } | samConversion.kt:46:32:46:44 | invoke | override, public | +| samConversion.kt:58:14:58:45 | new InterfaceFn1Sus(...) { ... } | samConversion.kt:58:14:58:45 | fn1 | override, public, suspend | +| samConversion.kt:58:30:58:45 | new Function2(...) { ... } | samConversion.kt:58:30:58:45 | invoke | override, public, suspend | +| samConversion.kt:75:17:75:33 | new IntGetter(...) { ... } | samConversion.kt:75:17:75:33 | f | override, public | +| samConversion.kt:75:27:75:32 | new KProperty0(...) { ... } | samConversion.kt:75:27:75:32 | get | override, public | +| samConversion.kt:75:27:75:32 | new KProperty0(...) { ... } | samConversion.kt:75:27:75:32 | invoke | override, public | +| samConversion.kt:76:17:76:55 | new PropertyRefsGetter(...) { ... } | samConversion.kt:76:17:76:55 | f | override, public | +| samConversion.kt:76:36:76:54 | new KProperty1(...) { ... } | samConversion.kt:76:36:76:54 | get | override, public | +| samConversion.kt:76:36:76:54 | new KProperty1(...) { ... } | samConversion.kt:76:36:76:54 | invoke | override, public | nonOverrideInvoke | funcExprs.kt:36:29:36:117 | ...->... | funcExprs.kt:36:29:36:117 | invoke | 23 | | funcExprs.kt:90:15:90:69 | ...->... | funcExprs.kt:90:15:90:69 | invoke | 23 | diff --git a/java/ql/test/kotlin/library-tests/exprs/funcExprs.ql b/java/ql/test/kotlin/library-tests/exprs/funcExprs.ql index fa2b5fda2a2..f6e233336f3 100644 --- a/java/ql/test/kotlin/library-tests/exprs/funcExprs.ql +++ b/java/ql/test/kotlin/library-tests/exprs/funcExprs.ql @@ -19,11 +19,16 @@ query predicate memberRefExprs(MemberRefExpr e, Method m, string signature, Anon e.getAnonymousClass() = an } -query predicate modifiers(LambdaExpr le, Method m, string modifiers) { +query predicate lambda_modifiers(LambdaExpr le, Method m, string modifiers) { le.getAnonymousClass().getAMethod() = m and modifiers = concat(string s | m.hasModifier(s) | s, ", ") } +query predicate anon_class_member_modifiers(AnonymousClass ac, Method m, string modifiers) { + ac.getAMethod() = m and + modifiers = concat(string s | m.hasModifier(s) | s, ", ") +} + query predicate nonOverrideInvoke(LambdaExpr le, Method m, int pCount) { le.getAnonymousClass().getAMethod() = m and not m.hasModifier("override") and diff --git a/java/ql/test/kotlin/library-tests/exprs/samConversion.kt b/java/ql/test/kotlin/library-tests/exprs/samConversion.kt index 2856f839778..1952ab342c9 100644 --- a/java/ql/test/kotlin/library-tests/exprs/samConversion.kt +++ b/java/ql/test/kotlin/library-tests/exprs/samConversion.kt @@ -58,3 +58,20 @@ suspend fun test() { val i0 = InterfaceFn1Sus { a, b -> Unit } i0.fn1(1,2) } + +class PropertyRefsTest { + val x = 1 +} + +fun interface PropertyRefsGetter { + fun f(prt: PropertyRefsTest): Int +} + +fun interface IntGetter { + fun f(): Int +} + +fun propertyRefsTest(prt: PropertyRefsTest) { + val test1 = IntGetter(prt::x) + val test2 = PropertyRefsGetter(PropertyRefsTest::x) +} diff --git a/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected b/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected index bc306278495..452828db6ae 100644 --- a/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected +++ b/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected @@ -1,3 +1,23 @@ +| exprs.kt:22:17:22:21 | ~... | exprs.kt:22:15:22:15 | x | +| exprs.kt:32:15:32:26 | !... | exprs.kt:32:15:32:26 | contains(...) | +| exprs.kt:73:18:73:22 | ~... | exprs.kt:73:15:73:16 | lx | +| exprs.kt:115:14:115:16 | !... | exprs.kt:115:15:115:16 | b1 | | exprs.kt:196:19:196:20 | ...!! | exprs.kt:196:18:196:18 | x | | exprs.kt:205:20:205:21 | ...!! | exprs.kt:205:19:205:19 | s | | exprs.kt:206:20:206:21 | ...!! | exprs.kt:206:19:206:19 | s | +| exprs.kt:280:5:280:6 | -... | exprs.kt:280:6:280:6 | i | +| exprs.kt:281:5:281:6 | +... | exprs.kt:281:6:281:6 | i | +| exprs.kt:282:5:282:6 | -... | exprs.kt:282:6:282:6 | d | +| exprs.kt:283:5:283:6 | +... | exprs.kt:283:6:283:6 | d | +| exprs.kt:294:7:294:11 | ~... | exprs.kt:294:5:294:5 | i | +| exprs.kt:296:5:296:6 | -... | exprs.kt:296:6:296:6 | b | +| exprs.kt:297:5:297:6 | +... | exprs.kt:297:6:297:6 | b | +| exprs.kt:308:7:308:11 | ~... | exprs.kt:308:5:308:5 | b | +| exprs.kt:310:5:310:6 | -... | exprs.kt:310:6:310:6 | s | +| exprs.kt:311:5:311:6 | +... | exprs.kt:311:6:311:6 | s | +| exprs.kt:322:7:322:11 | ~... | exprs.kt:322:5:322:5 | s | +| exprs.kt:324:5:324:6 | -... | exprs.kt:324:6:324:6 | l | +| exprs.kt:325:5:325:6 | +... | exprs.kt:325:6:325:6 | l | +| exprs.kt:336:7:336:11 | ~... | exprs.kt:336:5:336:5 | l | +| exprs.kt:338:5:338:6 | +... | exprs.kt:338:6:338:6 | f | +| exprs.kt:339:5:339:6 | -... | exprs.kt:339:6:339:6 | f | diff --git a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected index b80b1311a64..7273e61ba4d 100644 --- a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected +++ b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected @@ -5,33 +5,34 @@ calls | Test.java:23:5:23:25 | getter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | getter | Generic2.class:0:0:0:0 | Generic2 | | Test.java:26:5:26:35 | setter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | setter | Generic2.class:0:0:0:0 | Generic2 | | Test.java:27:5:27:24 | getter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | getter | Generic2.class:0:0:0:0 | Generic2 | -| test.kt:5:32:5:46 | identity(...) | test.kt:5:3:5:46 | identity2 | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | test.kt:1:1:10:1 | Generic | -| test.kt:7:21:7:26 | getStored(...) | test.kt:7:3:7:26 | getter | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | test.kt:1:1:10:1 | Generic | -| test.kt:8:26:8:31 | setStored(...) | test.kt:8:3:8:41 | setter | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | test.kt:1:1:10:1 | Generic | -| test.kt:15:13:15:35 | identity(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:16:13:16:36 | identity2(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:19:16:19:23 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:5:32:5:46 | identity(...) | test.kt:5:3:5:46 | identity2 | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | test.kt:1:1:13:1 | Generic | +| test.kt:7:21:7:26 | getStored(...) | test.kt:7:3:7:26 | getter | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | test.kt:1:1:13:1 | Generic | +| test.kt:8:26:8:31 | setStored(...) | test.kt:8:3:8:41 | setter | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | test.kt:1:1:13:1 | Generic | +| test.kt:11:47:11:70 | privateid(...) | test.kt:11:3:11:70 | callPrivateId | test.kt:1:1:13:1 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | privateid | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:18:13:18:35 | identity(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:19:13:19:36 | identity2(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:22:16:22:23 | getter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:25:15:25:33 | setter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:26:15:26:22 | getter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | constructors | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2() | | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | Generic(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | Generic(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | constructorCalls | Test.java:18:34:18:68 | new Generic2(...) | Generic2.class:0:0:0:0 | Generic2 | -| test.kt:14:19:14:48 | new Generic(...) | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:17:19:17:48 | new Generic(...) | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | refTypes | Test.java:1:7:1:14 | Generic2 | | Test.java:1:16:1:16 | T | | Test.java:14:14:14:17 | Test | | test.kt:0:0:0:0 | TestKt | -| test.kt:1:1:10:1 | Generic | +| test.kt:1:1:13:1 | Generic | | test.kt:1:15:1:15 | T | #select | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | @@ -51,28 +52,34 @@ refTypes | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | getter() | No parameters | T | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | setter(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | | Test.java:14:14:14:17 | Test | Test.java:16:22:16:25 | user | user() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:16:22:16:25 | user | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.Void) | Void | String | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.Void) | Void | String | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | Object | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | Object | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| test.kt:0:0:0:0 | TestKt | test.kt:12:1:25:1 | user | user() | No parameters | void | test.kt:0:0:0:0 | TestKt | test.kt:12:1:25:1 | user | -| test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | getStored() | No parameters | T | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | setStored(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | identity2(java.lang.Object) | T | T | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | identity(java.lang.Object) | T | T | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | getter() | No parameters | T | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | setter(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.Void) | Void | String | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.Void) | Void | String | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | Object | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | Object | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | privateid | privateid(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| test.kt:0:0:0:0 | TestKt | test.kt:15:1:28:1 | user | user() | No parameters | void | test.kt:0:0:0:0 | TestKt | test.kt:15:1:28:1 | user | +| test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | getStored() | No parameters | T | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | setStored(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | identity2(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | identity(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | getter() | No parameters | T | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | setter(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | privateid(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | +| test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | diff --git a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt index 1b253e31388..064d4e654ba 100644 --- a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt +++ b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt @@ -7,6 +7,9 @@ class Generic(init: T) { fun getter(): T = stored fun setter(param: T) { stored = param } + private fun privateid(param: T) = param + fun callPrivateId(gs: Generic) = gs.privateid("hello world") + } fun user() { @@ -23,5 +26,3 @@ fun user() { projectedIn.getter() } - - diff --git a/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt b/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt index be8417863d8..af5150b161a 100644 --- a/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt +++ b/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt @@ -4,13 +4,13 @@ open class TestKt { } -interface ParentIf { +interface ParentIfK { fun inheritedInterfaceMethodK() } -interface ChildIf : ParentIf { +interface ChildIfK : ParentIfK { } @@ -24,7 +24,7 @@ class ChildKt : TestKt() { c.equals(c) c.hashCode() c.inheritMe() - val c2: ParentIf? = null + val c2: ParentIfK? = null c2?.inheritedInterfaceMethodK() } diff --git a/java/ql/test/kotlin/library-tests/inherited-callee/test.expected b/java/ql/test/kotlin/library-tests/inherited-callee/test.expected index 38f8f9f0666..31ae3ae4d83 100644 --- a/java/ql/test/kotlin/library-tests/inherited-callee/test.expected +++ b/java/ql/test/kotlin/library-tests/inherited-callee/test.expected @@ -7,4 +7,4 @@ | Test.kt:24:7:24:15 | equals(...) | equals | Object | | Test.kt:25:7:25:16 | hashCode(...) | hashCode | Object | | Test.kt:26:7:26:17 | inheritMe(...) | inheritMe | TestKt | -| Test.kt:28:9:28:35 | inheritedInterfaceMethodK(...) | inheritedInterfaceMethodK | ParentIf | +| Test.kt:28:9:28:35 | inheritedInterfaceMethodK(...) | inheritedInterfaceMethodK | ParentIfK | diff --git a/java/ql/test/kotlin/library-tests/java-lang-number-conversions/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/java-lang-number-conversions/CONSISTENCY/javaEquivalent.expected new file mode 100644 index 00000000000..f7f40a8fe15 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/java-lang-number-conversions/CONSISTENCY/javaEquivalent.expected @@ -0,0 +1,6 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toByte in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toDouble in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toFloat in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toLong in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toShort in java.lang.Byte | diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/java-map-methods/CONSISTENCY/javaEquivalent.expected new file mode 100644 index 00000000000..37eaebeaf37 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/java-map-methods/CONSISTENCY/javaEquivalent.expected @@ -0,0 +1 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Number.toChar in java.lang.Number | diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected new file mode 100644 index 00000000000..978c4777b09 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected @@ -0,0 +1,178 @@ +test.kt: +# 0| [CompilationUnit] test +# 0| 1: [Class] TestKt +# 1| 1: [Method] test +# 1| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 1| 0: [Parameter] m +# 1| 0: [TypeAccess] Map +# 1| 0: [TypeAccess] Integer +# 1| 1: [TypeAccess] Integer +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [MethodAccess] getOrDefault(...) +# 1| -1: [VarAccess] m +# 1| 0: [IntegerLiteral] 1 +# 1| 1: [IntegerLiteral] 2 +# 3| 2: [Method] test2 +# 3| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 3| 0: [Parameter] s +# 3| 0: [TypeAccess] String +# 3| 5: [BlockStmt] { ... } +# 3| 0: [ReturnStmt] return ... +# 3| 0: [MethodAccess] length(...) +# 3| -1: [VarAccess] s +# 5| 3: [Method] remove +# 5| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 5| 0: [Parameter] l +# 5| 0: [TypeAccess] List +# 5| 0: [TypeAccess] Integer +# 5| 5: [BlockStmt] { ... } +# 6| 0: [ExprStmt] ; +# 6| 0: [ImplicitCoercionToUnitExpr] +# 6| 0: [TypeAccess] Unit +# 6| 1: [MethodAccess] remove(...) +# 6| -1: [VarAccess] l +# 6| 0: [IntegerLiteral] 5 +# 9| 4: [Method] fn1 +# 9| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 9| 0: [Parameter] s +# 9| 0: [TypeAccess] String +# 9| 5: [BlockStmt] { ... } +# 9| 0: [ReturnStmt] return ... +# 9| 0: [AddExpr] ... + ... +# 9| 0: [VarAccess] s +# 9| 1: [StringLiteral] +# 10| 5: [Method] fn2 +# 10| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 10| 0: [Parameter] s +# 10| 0: [TypeAccess] String +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [AddExpr] ... + ... +# 10| 0: [VarAccess] s +# 10| 1: [StringLiteral] +# 12| 6: [Method] fn1 +# 12| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 12| 0: [Parameter] i +# 12| 0: [TypeAccess] int +# 12| 5: [BlockStmt] { ... } +# 12| 0: [ReturnStmt] return ... +# 12| 0: [SubExpr] ... - ... +# 12| 0: [VarAccess] i +# 12| 1: [IntegerLiteral] 10 +# 13| 7: [Method] fn2 +# 13| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 13| 0: [Parameter] i +# 13| 0: [TypeAccess] int +# 13| 5: [BlockStmt] { ... } +# 13| 0: [ReturnStmt] return ... +# 13| 0: [SubExpr] ... - ... +# 13| 0: [VarAccess] i +# 13| 1: [IntegerLiteral] 10 +# 15| 8: [Method] special +# 15| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 15| 0: [Parameter] n +# 15| 0: [TypeAccess] Number +# 15| 1: [Parameter] m +# 15| 0: [TypeAccess] Map +# 15| 0: [TypeAccess] String +# 15| 1: [TypeAccess] String +# 15| 2: [Parameter] s +# 15| 0: [TypeAccess] String +# 15| 3: [Parameter] l +# 15| 0: [TypeAccess] List +# 15| 0: [TypeAccess] Integer +# 15| 5: [BlockStmt] { ... } +# 16| 0: [ExprStmt] ; +# 16| 0: [ImplicitCoercionToUnitExpr] +# 16| 0: [TypeAccess] Unit +# 16| 1: [MethodAccess] charAt(...) +# 16| -1: [VarAccess] s +# 16| 0: [IntegerLiteral] 1 +# 17| 1: [ExprStmt] ; +# 17| 0: [ImplicitCoercionToUnitExpr] +# 17| 0: [TypeAccess] Unit +# 17| 1: [MethodAccess] charAt(...) +# 17| -1: [VarAccess] s +# 17| 0: [IntegerLiteral] 1 +# 18| 2: [ExprStmt] ; +# 18| 0: [ImplicitCoercionToUnitExpr] +# 18| 0: [TypeAccess] Unit +# 18| 1: [MethodAccess] doubleValue(...) +# 18| -1: [VarAccess] n +# 19| 3: [ExprStmt] ; +# 19| 0: [ImplicitCoercionToUnitExpr] +# 19| 0: [TypeAccess] Unit +# 19| 1: [MethodAccess] byteValue(...) +# 19| -1: [VarAccess] n +# 20| 4: [ExprStmt] ; +# 20| 0: [ImplicitCoercionToUnitExpr] +# 20| 0: [TypeAccess] Unit +# 20| 1: [MethodAccess] toChar(...) +# 20| -1: [VarAccess] n +# 21| 5: [ExprStmt] ; +# 21| 0: [ImplicitCoercionToUnitExpr] +# 21| 0: [TypeAccess] Unit +# 21| 1: [MethodAccess] floatValue(...) +# 21| -1: [VarAccess] n +# 22| 6: [ExprStmt] ; +# 22| 0: [ImplicitCoercionToUnitExpr] +# 22| 0: [TypeAccess] Unit +# 22| 1: [MethodAccess] intValue(...) +# 22| -1: [VarAccess] n +# 23| 7: [ExprStmt] ; +# 23| 0: [ImplicitCoercionToUnitExpr] +# 23| 0: [TypeAccess] Unit +# 23| 1: [MethodAccess] shortValue(...) +# 23| -1: [VarAccess] n +# 24| 8: [ExprStmt] ; +# 24| 0: [ImplicitCoercionToUnitExpr] +# 24| 0: [TypeAccess] Unit +# 24| 1: [MethodAccess] keySet(...) +# 24| -1: [VarAccess] m +# 25| 9: [ExprStmt] ; +# 25| 0: [ImplicitCoercionToUnitExpr] +# 25| 0: [TypeAccess] Unit +# 25| 1: [MethodAccess] values(...) +# 25| -1: [VarAccess] m +# 26| 10: [ExprStmt] ; +# 26| 0: [ImplicitCoercionToUnitExpr] +# 26| 0: [TypeAccess] Unit +# 26| 1: [MethodAccess] entrySet(...) +# 26| -1: [VarAccess] m +# 27| 11: [ExprStmt] ; +# 27| 0: [ImplicitCoercionToUnitExpr] +# 27| 0: [TypeAccess] Unit +# 27| 1: [MethodAccess] remove(...) +# 27| -1: [VarAccess] l +# 27| 0: [IntegerLiteral] 1 +# 28| 12: [ExprStmt] ; +# 28| 0: [ImplicitCoercionToUnitExpr] +# 28| 0: [TypeAccess] Unit +# 28| 1: [MethodAccess] getKey(...) +# 28| -1: [MethodAccess] first(...) +# 28| -2: [TypeAccess] Entry +# 28| 0: [TypeAccess] String +# 28| 1: [TypeAccess] String +# 28| -1: [TypeAccess] CollectionsKt +# 28| 0: [MethodAccess] entrySet(...) +# 28| -1: [VarAccess] m +# 29| 13: [ExprStmt] ; +# 29| 0: [ImplicitCoercionToUnitExpr] +# 29| 0: [TypeAccess] Unit +# 29| 1: [MethodAccess] getValue(...) +# 29| -1: [MethodAccess] first(...) +# 29| -2: [TypeAccess] Entry +# 29| 0: [TypeAccess] String +# 29| 1: [TypeAccess] String +# 29| -1: [TypeAccess] CollectionsKt +# 29| 0: [MethodAccess] entrySet(...) +# 29| -1: [VarAccess] m diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.qlref b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/test.expected b/java/ql/test/kotlin/library-tests/java-map-methods/test.expected index 064d317171e..66fb9f6ea55 100644 --- a/java/ql/test/kotlin/library-tests/java-map-methods/test.expected +++ b/java/ql/test/kotlin/library-tests/java-map-methods/test.expected @@ -1,4 +1,7 @@ diagnostics +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Number.toChar in java.lang.Number | #select | Integer | +| Iterable | | Object | +| int | diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/test.kt b/java/ql/test/kotlin/library-tests/java-map-methods/test.kt index 0edaadff5a1..49cb6205e47 100644 --- a/java/ql/test/kotlin/library-tests/java-map-methods/test.kt +++ b/java/ql/test/kotlin/library-tests/java-map-methods/test.kt @@ -1,3 +1,30 @@ fun test(m: Map) = m.getOrDefault(1, 2) fun test2(s: String) = s.length + +fun remove(l: MutableList) { + l.remove(5) +} + +fun fn1(s: String) = s.plus(other = "") +fun fn2(s: String) = s + "" + +fun fn1(i: Int) = i.minus(10) +fun fn2(i: Int) = i - 10 + +fun special(n: Number, m: Map, s: String, l: MutableList) { + s[1] + s.get(1) + n.toDouble() + n.toByte() + n.toChar() + n.toFloat() + n.toInt() + n.toShort() + m.keys + m.values + m.entries + l.removeAt(1) + m.entries.first().key + m.entries.first().value +} diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected new file mode 100644 index 00000000000..4c7b75edc3a --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected @@ -0,0 +1,1016 @@ +test.kt: +# 0| [CompilationUnit] test +# 0| 1: [Class] TestKt +# 1| 1: [Method] getString +# 1| 3: [TypeAccess] String +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [StringLiteral] Hello world +# 45| 2: [ExtensionMethod] testExtensionFunction +# 45| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 45| 0: [Parameter] +# 45| 0: [TypeAccess] Test +# 45| 1: [Parameter] a +# 45| 0: [TypeAccess] int +# 45| 2: [Parameter] c +# 45| 0: [TypeAccess] double +# 45| 3: [Parameter] e +# 45| 0: [TypeAccess] boolean +# 45| 5: [BlockStmt] { ... } +# 45| 0: [ReturnStmt] return ... +# 45| 0: [MethodAccess] testExtensionFunction(...) +# 45| -1: [TypeAccess] TestKt +# 45| 0: [ExtensionReceiverAccess] this +# 45| 1: [VarAccess] a +# 45| 2: [MethodAccess] getString(...) +# 45| -1: [TypeAccess] TestKt +# 45| 3: [VarAccess] c +# 45| 4: [FloatLiteral] 1.0 +# 45| 5: [VarAccess] e +# 45| 3: [ExtensionMethod] testExtensionFunction +# 45| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 45| 0: [Parameter] +# 45| 0: [TypeAccess] Test +# 45| 1: [Parameter] a +# 45| 0: [TypeAccess] int +# 45| 2: [Parameter] b +# 45| 0: [TypeAccess] String +# 45| 3: [Parameter] c +# 45| 0: [TypeAccess] double +# 45| 4: [Parameter] e +# 45| 0: [TypeAccess] boolean +# 45| 5: [BlockStmt] { ... } +# 45| 0: [ReturnStmt] return ... +# 45| 0: [MethodAccess] testExtensionFunction(...) +# 45| -1: [TypeAccess] TestKt +# 45| 0: [ExtensionReceiverAccess] this +# 45| 1: [VarAccess] a +# 45| 2: [VarAccess] b +# 45| 3: [VarAccess] c +# 45| 4: [FloatLiteral] 1.0 +# 45| 5: [VarAccess] e +# 45| 4: [ExtensionMethod] testExtensionFunction +# 45| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 45| 0: [Parameter] +# 45| 0: [TypeAccess] Test +# 45| 1: [Parameter] a +# 45| 0: [TypeAccess] int +# 45| 2: [Parameter] b +# 45| 0: [TypeAccess] String +# 45| 3: [Parameter] c +# 45| 0: [TypeAccess] double +# 45| 4: [Parameter] d +# 45| 0: [TypeAccess] float +# 45| 5: [Parameter] e +# 45| 0: [TypeAccess] boolean +# 45| 5: [BlockStmt] { ... } +# 45| 0: [ReturnStmt] return ... +# 45| 0: [VarAccess] a +# 45| 5: [Method] testExtensionFunction$default +# 45| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 45| 0: [Parameter] p0 +# 45| 0: [TypeAccess] Test +# 45| 1: [Parameter] p1 +# 45| 0: [TypeAccess] int +# 45| 2: [Parameter] p2 +# 45| 0: [TypeAccess] String +# 45| 3: [Parameter] p3 +# 45| 0: [TypeAccess] double +# 45| 4: [Parameter] p4 +# 45| 0: [TypeAccess] float +# 45| 5: [Parameter] p5 +# 45| 0: [TypeAccess] boolean +# 45| 6: [Parameter] p6 +# 45| 0: [TypeAccess] int +# 45| 7: [Parameter] p7 +# 45| 0: [TypeAccess] Object +# 45| 5: [BlockStmt] { ... } +# 45| 0: [IfStmt] if (...) +# 45| 0: [EQExpr] ... == ... +# 45| 0: [AndBitwiseExpr] ... & ... +# 45| 0: [IntegerLiteral] 2 +# 45| 1: [VarAccess] p6 +# 45| 1: [IntegerLiteral] 0 +# 45| 1: [ExprStmt] ; +# 45| 0: [AssignExpr] ...=... +# 45| 0: [VarAccess] p2 +# 45| 1: [MethodAccess] getString(...) +# 45| -1: [TypeAccess] TestKt +# 45| 1: [IfStmt] if (...) +# 45| 0: [EQExpr] ... == ... +# 45| 0: [AndBitwiseExpr] ... & ... +# 45| 0: [IntegerLiteral] 8 +# 45| 1: [VarAccess] p6 +# 45| 1: [IntegerLiteral] 0 +# 45| 1: [ExprStmt] ; +# 45| 0: [AssignExpr] ...=... +# 45| 0: [VarAccess] p4 +# 45| 1: [FloatLiteral] 1.0 +# 45| 2: [ReturnStmt] return ... +# 45| 0: [MethodAccess] testExtensionFunction(...) +# 45| -1: [TypeAccess] TestKt +# 45| 0: [VarAccess] p0 +# 45| 1: [VarAccess] p1 +# 45| 2: [VarAccess] p2 +# 45| 3: [VarAccess] p3 +# 45| 4: [VarAccess] p4 +# 45| 5: [VarAccess] p5 +# 3| 2: [Class] Test +# 3| 1: [Constructor] Test +# 3| 5: [BlockStmt] { ... } +# 3| 0: [SuperConstructorInvocationStmt] super(...) +# 3| 1: [BlockStmt] { ... } +# 6| 2: [Method] testStaticFunction +# 6| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 6| 0: [Parameter] a +# 6| 0: [TypeAccess] int +# 6| 1: [Parameter] c +# 6| 0: [TypeAccess] double +# 6| 2: [Parameter] e +# 6| 0: [TypeAccess] boolean +# 6| 5: [BlockStmt] { ... } +# 6| 0: [ReturnStmt] return ... +# 6| 0: [MethodAccess] testStaticFunction(...) +# 6| -1: [TypeAccess] Test +# 6| 0: [VarAccess] a +# 6| 1: [MethodAccess] getString(...) +# 6| -1: [TypeAccess] TestKt +# 6| 2: [VarAccess] c +# 6| 3: [FloatLiteral] 1.0 +# 6| 4: [VarAccess] e +# 6| 3: [Method] testStaticFunction +# 6| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 6| 0: [Parameter] a +# 6| 0: [TypeAccess] int +# 6| 1: [Parameter] b +# 6| 0: [TypeAccess] String +# 6| 2: [Parameter] c +# 6| 0: [TypeAccess] double +# 6| 3: [Parameter] e +# 6| 0: [TypeAccess] boolean +# 6| 5: [BlockStmt] { ... } +# 6| 0: [ReturnStmt] return ... +# 6| 0: [MethodAccess] testStaticFunction(...) +# 6| -1: [TypeAccess] Test +# 6| 0: [VarAccess] a +# 6| 1: [VarAccess] b +# 6| 2: [VarAccess] c +# 6| 3: [FloatLiteral] 1.0 +# 6| 4: [VarAccess] e +# 6| 4: [Method] testStaticFunction +# 6| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 6| 0: [Parameter] a +# 6| 0: [TypeAccess] int +# 6| 1: [Parameter] b +# 6| 0: [TypeAccess] String +# 6| 2: [Parameter] c +# 6| 0: [TypeAccess] double +# 6| 3: [Parameter] d +# 6| 0: [TypeAccess] float +# 6| 4: [Parameter] e +# 6| 0: [TypeAccess] boolean +# 6| 5: [BlockStmt] { ... } +# 6| 0: [ReturnStmt] return ... +# 6| 0: [VarAccess] a +# 6| 5: [Method] testStaticFunction$default +# 6| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 6| 0: [Parameter] p0 +# 6| 0: [TypeAccess] int +# 6| 1: [Parameter] p1 +# 6| 0: [TypeAccess] String +# 6| 2: [Parameter] p2 +# 6| 0: [TypeAccess] double +# 6| 3: [Parameter] p3 +# 6| 0: [TypeAccess] float +# 6| 4: [Parameter] p4 +# 6| 0: [TypeAccess] boolean +# 6| 5: [Parameter] p5 +# 6| 0: [TypeAccess] int +# 6| 6: [Parameter] p6 +# 6| 0: [TypeAccess] Object +# 6| 5: [BlockStmt] { ... } +# 6| 0: [IfStmt] if (...) +# 6| 0: [EQExpr] ... == ... +# 6| 0: [AndBitwiseExpr] ... & ... +# 6| 0: [IntegerLiteral] 2 +# 6| 1: [VarAccess] p5 +# 6| 1: [IntegerLiteral] 0 +# 6| 1: [ExprStmt] ; +# 6| 0: [AssignExpr] ...=... +# 6| 0: [VarAccess] p1 +# 6| 1: [MethodAccess] getString(...) +# 6| -1: [TypeAccess] TestKt +# 6| 1: [IfStmt] if (...) +# 6| 0: [EQExpr] ... == ... +# 6| 0: [AndBitwiseExpr] ... & ... +# 6| 0: [IntegerLiteral] 8 +# 6| 1: [VarAccess] p5 +# 6| 1: [IntegerLiteral] 0 +# 6| 1: [ExprStmt] ; +# 6| 0: [AssignExpr] ...=... +# 6| 0: [VarAccess] p3 +# 6| 1: [FloatLiteral] 1.0 +# 6| 2: [ReturnStmt] return ... +# 6| 0: [MethodAccess] testStaticFunction(...) +# 6| -1: [TypeAccess] Test +# 6| 0: [VarAccess] p0 +# 6| 1: [VarAccess] p1 +# 6| 2: [VarAccess] p2 +# 6| 3: [VarAccess] p3 +# 6| 4: [VarAccess] p4 +# 9| 6: [Method] testMemberFunction +# 9| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 9| 0: [Parameter] a +# 9| 0: [TypeAccess] int +# 9| 1: [Parameter] c +# 9| 0: [TypeAccess] double +# 9| 2: [Parameter] e +# 9| 0: [TypeAccess] boolean +# 9| 5: [BlockStmt] { ... } +# 9| 0: [ReturnStmt] return ... +# 9| 0: [MethodAccess] testMemberFunction(...) +# 9| -1: [ThisAccess] this +# 9| 0: [VarAccess] a +# 9| 1: [MethodAccess] getString(...) +# 9| -1: [TypeAccess] TestKt +# 9| 2: [VarAccess] c +# 9| 3: [FloatLiteral] 1.0 +# 9| 4: [VarAccess] e +# 9| 7: [Method] testMemberFunction +# 9| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 9| 0: [Parameter] a +# 9| 0: [TypeAccess] int +# 9| 1: [Parameter] b +# 9| 0: [TypeAccess] String +# 9| 2: [Parameter] c +# 9| 0: [TypeAccess] double +# 9| 3: [Parameter] e +# 9| 0: [TypeAccess] boolean +# 9| 5: [BlockStmt] { ... } +# 9| 0: [ReturnStmt] return ... +# 9| 0: [MethodAccess] testMemberFunction(...) +# 9| -1: [ThisAccess] this +# 9| 0: [VarAccess] a +# 9| 1: [VarAccess] b +# 9| 2: [VarAccess] c +# 9| 3: [FloatLiteral] 1.0 +# 9| 4: [VarAccess] e +# 9| 8: [Method] testMemberFunction +# 9| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 9| 0: [Parameter] a +# 9| 0: [TypeAccess] int +# 9| 1: [Parameter] b +# 9| 0: [TypeAccess] String +# 9| 2: [Parameter] c +# 9| 0: [TypeAccess] double +# 9| 3: [Parameter] d +# 9| 0: [TypeAccess] float +# 9| 4: [Parameter] e +# 9| 0: [TypeAccess] boolean +# 9| 5: [BlockStmt] { ... } +# 9| 0: [ReturnStmt] return ... +# 9| 0: [VarAccess] a +# 9| 9: [Method] testMemberFunction$default +# 9| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 9| 0: [Parameter] p0 +# 9| 0: [TypeAccess] Test +# 9| 1: [Parameter] p1 +# 9| 0: [TypeAccess] int +# 9| 2: [Parameter] p2 +# 9| 0: [TypeAccess] String +# 9| 3: [Parameter] p3 +# 9| 0: [TypeAccess] double +# 9| 4: [Parameter] p4 +# 9| 0: [TypeAccess] float +# 9| 5: [Parameter] p5 +# 9| 0: [TypeAccess] boolean +# 9| 6: [Parameter] p6 +# 9| 0: [TypeAccess] int +# 9| 7: [Parameter] p7 +# 9| 0: [TypeAccess] Object +# 9| 5: [BlockStmt] { ... } +# 9| 0: [IfStmt] if (...) +# 9| 0: [EQExpr] ... == ... +# 9| 0: [AndBitwiseExpr] ... & ... +# 9| 0: [IntegerLiteral] 2 +# 9| 1: [VarAccess] p6 +# 9| 1: [IntegerLiteral] 0 +# 9| 1: [ExprStmt] ; +# 9| 0: [AssignExpr] ...=... +# 9| 0: [VarAccess] p2 +# 9| 1: [MethodAccess] getString(...) +# 9| -1: [TypeAccess] TestKt +# 9| 1: [IfStmt] if (...) +# 9| 0: [EQExpr] ... == ... +# 9| 0: [AndBitwiseExpr] ... & ... +# 9| 0: [IntegerLiteral] 8 +# 9| 1: [VarAccess] p6 +# 9| 1: [IntegerLiteral] 0 +# 9| 1: [ExprStmt] ; +# 9| 0: [AssignExpr] ...=... +# 9| 0: [VarAccess] p4 +# 9| 1: [FloatLiteral] 1.0 +# 9| 2: [ReturnStmt] return ... +# 9| 0: [MethodAccess] testMemberFunction(...) +# 9| -1: [VarAccess] p0 +# 9| 0: [VarAccess] p1 +# 9| 1: [VarAccess] p2 +# 9| 2: [VarAccess] p3 +# 9| 3: [VarAccess] p4 +# 9| 4: [VarAccess] p5 +# 12| 10: [ExtensionMethod] testMemberExtensionFunction +# 12| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 12| 0: [Parameter] +# 12| 0: [TypeAccess] Test2 +# 12| 1: [Parameter] a +# 12| 0: [TypeAccess] int +# 12| 2: [Parameter] c +# 12| 0: [TypeAccess] double +# 12| 3: [Parameter] e +# 12| 0: [TypeAccess] boolean +# 12| 5: [BlockStmt] { ... } +# 12| 0: [ReturnStmt] return ... +# 12| 0: [MethodAccess] testMemberExtensionFunction(...) +# 12| -1: [ThisAccess] this +# 12| 0: [ExtensionReceiverAccess] this +# 12| 1: [VarAccess] a +# 12| 2: [MethodAccess] getString(...) +# 12| -1: [TypeAccess] TestKt +# 12| 3: [VarAccess] c +# 12| 4: [FloatLiteral] 1.0 +# 12| 5: [VarAccess] e +# 12| 11: [ExtensionMethod] testMemberExtensionFunction +# 12| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 12| 0: [Parameter] +# 12| 0: [TypeAccess] Test2 +# 12| 1: [Parameter] a +# 12| 0: [TypeAccess] int +# 12| 2: [Parameter] b +# 12| 0: [TypeAccess] String +# 12| 3: [Parameter] c +# 12| 0: [TypeAccess] double +# 12| 4: [Parameter] e +# 12| 0: [TypeAccess] boolean +# 12| 5: [BlockStmt] { ... } +# 12| 0: [ReturnStmt] return ... +# 12| 0: [MethodAccess] testMemberExtensionFunction(...) +# 12| -1: [ThisAccess] this +# 12| 0: [ExtensionReceiverAccess] this +# 12| 1: [VarAccess] a +# 12| 2: [VarAccess] b +# 12| 3: [VarAccess] c +# 12| 4: [FloatLiteral] 1.0 +# 12| 5: [VarAccess] e +# 12| 12: [ExtensionMethod] testMemberExtensionFunction +# 12| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 12| 0: [Parameter] +# 12| 0: [TypeAccess] Test2 +# 12| 1: [Parameter] a +# 12| 0: [TypeAccess] int +# 12| 2: [Parameter] b +# 12| 0: [TypeAccess] String +# 12| 3: [Parameter] c +# 12| 0: [TypeAccess] double +# 12| 4: [Parameter] d +# 12| 0: [TypeAccess] float +# 12| 5: [Parameter] e +# 12| 0: [TypeAccess] boolean +# 12| 5: [BlockStmt] { ... } +# 12| 0: [ReturnStmt] return ... +# 12| 0: [VarAccess] a +# 12| 13: [Method] testMemberExtensionFunction$default +# 12| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 12| 0: [Parameter] p0 +# 12| 0: [TypeAccess] Test2 +# 12| 1: [Parameter] p1 +# 12| 0: [TypeAccess] Test +# 12| 2: [Parameter] p2 +# 12| 0: [TypeAccess] int +# 12| 3: [Parameter] p3 +# 12| 0: [TypeAccess] String +# 12| 4: [Parameter] p4 +# 12| 0: [TypeAccess] double +# 12| 5: [Parameter] p5 +# 12| 0: [TypeAccess] float +# 12| 6: [Parameter] p6 +# 12| 0: [TypeAccess] boolean +# 12| 7: [Parameter] p7 +# 12| 0: [TypeAccess] int +# 12| 8: [Parameter] p8 +# 12| 0: [TypeAccess] Object +# 12| 5: [BlockStmt] { ... } +# 12| 0: [IfStmt] if (...) +# 12| 0: [EQExpr] ... == ... +# 12| 0: [AndBitwiseExpr] ... & ... +# 12| 0: [IntegerLiteral] 2 +# 12| 1: [VarAccess] p7 +# 12| 1: [IntegerLiteral] 0 +# 12| 1: [ExprStmt] ; +# 12| 0: [AssignExpr] ...=... +# 12| 0: [VarAccess] p3 +# 12| 1: [MethodAccess] getString(...) +# 12| -1: [TypeAccess] TestKt +# 12| 1: [IfStmt] if (...) +# 12| 0: [EQExpr] ... == ... +# 12| 0: [AndBitwiseExpr] ... & ... +# 12| 0: [IntegerLiteral] 8 +# 12| 1: [VarAccess] p7 +# 12| 1: [IntegerLiteral] 0 +# 12| 1: [ExprStmt] ; +# 12| 0: [AssignExpr] ...=... +# 12| 0: [VarAccess] p5 +# 12| 1: [FloatLiteral] 1.0 +# 12| 2: [ReturnStmt] return ... +# 12| 0: [MethodAccess] testMemberExtensionFunction(...) +# 12| -1: [VarAccess] p1 +# 12| 0: [VarAccess] p0 +# 12| 1: [VarAccess] p2 +# 12| 2: [VarAccess] p3 +# 12| 3: [VarAccess] p4 +# 12| 4: [VarAccess] p5 +# 12| 5: [VarAccess] p6 +# 16| 3: [Class] Test2 +# 16| 1: [Constructor] Test2 +#-----| 4: (Parameters) +# 16| 0: [Parameter] a +# 16| 0: [TypeAccess] int +# 16| 1: [Parameter] c +# 16| 0: [TypeAccess] double +# 16| 2: [Parameter] e +# 16| 0: [TypeAccess] boolean +# 16| 5: [BlockStmt] { ... } +# 16| 0: [ThisConstructorInvocationStmt] this(...) +# 16| 0: [VarAccess] a +# 16| 1: [MethodAccess] getString(...) +# 16| -1: [TypeAccess] TestKt +# 16| 2: [VarAccess] c +# 16| 3: [FloatLiteral] 1.0 +# 16| 4: [VarAccess] e +# 16| 2: [Constructor] Test2 +#-----| 4: (Parameters) +# 16| 0: [Parameter] a +# 16| 0: [TypeAccess] int +# 16| 1: [Parameter] b +# 16| 0: [TypeAccess] String +# 16| 2: [Parameter] c +# 16| 0: [TypeAccess] double +# 16| 3: [Parameter] e +# 16| 0: [TypeAccess] boolean +# 16| 5: [BlockStmt] { ... } +# 16| 0: [ThisConstructorInvocationStmt] this(...) +# 16| 0: [VarAccess] a +# 16| 1: [VarAccess] b +# 16| 2: [VarAccess] c +# 16| 3: [FloatLiteral] 1.0 +# 16| 4: [VarAccess] e +# 16| 3: [Constructor] Test2 +#-----| 4: (Parameters) +# 16| 0: [Parameter] a +# 16| 0: [TypeAccess] int +# 16| 1: [Parameter] b +# 16| 0: [TypeAccess] String +# 16| 2: [Parameter] c +# 16| 0: [TypeAccess] double +# 16| 3: [Parameter] d +# 16| 0: [TypeAccess] float +# 16| 4: [Parameter] e +# 16| 0: [TypeAccess] boolean +# 16| 5: [BlockStmt] { ... } +# 16| 0: [SuperConstructorInvocationStmt] super(...) +# 16| 1: [BlockStmt] { ... } +# 16| 4: [Constructor] Test2 +#-----| 4: (Parameters) +# 16| 0: [Parameter] p0 +# 16| 0: [TypeAccess] int +# 16| 1: [Parameter] p1 +# 16| 0: [TypeAccess] String +# 16| 2: [Parameter] p2 +# 16| 0: [TypeAccess] double +# 16| 3: [Parameter] p3 +# 16| 0: [TypeAccess] float +# 16| 4: [Parameter] p4 +# 16| 0: [TypeAccess] boolean +# 16| 5: [Parameter] p5 +# 16| 0: [TypeAccess] int +# 16| 6: [Parameter] p6 +# 16| 0: [TypeAccess] DefaultConstructorMarker +# 16| 5: [BlockStmt] { ... } +# 16| 0: [IfStmt] if (...) +# 16| 0: [EQExpr] ... == ... +# 16| 0: [AndBitwiseExpr] ... & ... +# 16| 0: [IntegerLiteral] 2 +# 16| 1: [VarAccess] p5 +# 16| 1: [IntegerLiteral] 0 +# 16| 1: [ExprStmt] ; +# 16| 0: [AssignExpr] ...=... +# 16| 0: [VarAccess] p1 +# 16| 1: [MethodAccess] getString(...) +# 16| -1: [TypeAccess] TestKt +# 16| 1: [IfStmt] if (...) +# 16| 0: [EQExpr] ... == ... +# 16| 0: [AndBitwiseExpr] ... & ... +# 16| 0: [IntegerLiteral] 8 +# 16| 1: [VarAccess] p5 +# 16| 1: [IntegerLiteral] 0 +# 16| 1: [ExprStmt] ; +# 16| 0: [AssignExpr] ...=... +# 16| 0: [VarAccess] p3 +# 16| 1: [FloatLiteral] 1.0 +# 16| 2: [ThisConstructorInvocationStmt] this(...) +# 16| 0: [VarAccess] p0 +# 16| 1: [VarAccess] p1 +# 16| 2: [VarAccess] p2 +# 16| 3: [VarAccess] p3 +# 16| 4: [VarAccess] p4 +# 18| 5: [Class] Companion +# 18| 1: [Constructor] Companion +# 18| 5: [BlockStmt] { ... } +# 18| 0: [SuperConstructorInvocationStmt] super(...) +# 18| 1: [BlockStmt] { ... } +# 21| 2: [Method] testCompanionFunction +# 21| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 21| 0: [Parameter] a +# 21| 0: [TypeAccess] int +# 21| 1: [Parameter] c +# 21| 0: [TypeAccess] double +# 21| 2: [Parameter] e +# 21| 0: [TypeAccess] boolean +# 21| 5: [BlockStmt] { ... } +# 21| 0: [ReturnStmt] return ... +# 21| 0: [MethodAccess] testCompanionFunction(...) +# 21| -1: [ThisAccess] this +# 21| 0: [VarAccess] a +# 21| 1: [MethodAccess] getString(...) +# 21| -1: [TypeAccess] TestKt +# 21| 2: [VarAccess] c +# 21| 3: [FloatLiteral] 1.0 +# 21| 4: [VarAccess] e +# 21| 3: [Method] testCompanionFunction +# 21| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 21| 0: [Parameter] a +# 21| 0: [TypeAccess] int +# 21| 1: [Parameter] b +# 21| 0: [TypeAccess] String +# 21| 2: [Parameter] c +# 21| 0: [TypeAccess] double +# 21| 3: [Parameter] e +# 21| 0: [TypeAccess] boolean +# 21| 5: [BlockStmt] { ... } +# 21| 0: [ReturnStmt] return ... +# 21| 0: [MethodAccess] testCompanionFunction(...) +# 21| -1: [ThisAccess] this +# 21| 0: [VarAccess] a +# 21| 1: [VarAccess] b +# 21| 2: [VarAccess] c +# 21| 3: [FloatLiteral] 1.0 +# 21| 4: [VarAccess] e +# 21| 4: [Method] testCompanionFunction +# 21| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 21| 0: [Parameter] a +# 21| 0: [TypeAccess] int +# 21| 1: [Parameter] b +# 21| 0: [TypeAccess] String +# 21| 2: [Parameter] c +# 21| 0: [TypeAccess] double +# 21| 3: [Parameter] d +# 21| 0: [TypeAccess] float +# 21| 4: [Parameter] e +# 21| 0: [TypeAccess] boolean +# 21| 5: [BlockStmt] { ... } +# 21| 0: [ReturnStmt] return ... +# 21| 0: [VarAccess] a +# 21| 5: [Method] testCompanionFunction$default +# 21| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 21| 0: [Parameter] p0 +# 21| 0: [TypeAccess] Companion +# 21| 1: [Parameter] p1 +# 21| 0: [TypeAccess] int +# 21| 2: [Parameter] p2 +# 21| 0: [TypeAccess] String +# 21| 3: [Parameter] p3 +# 21| 0: [TypeAccess] double +# 21| 4: [Parameter] p4 +# 21| 0: [TypeAccess] float +# 21| 5: [Parameter] p5 +# 21| 0: [TypeAccess] boolean +# 21| 6: [Parameter] p6 +# 21| 0: [TypeAccess] int +# 21| 7: [Parameter] p7 +# 21| 0: [TypeAccess] Object +# 21| 5: [BlockStmt] { ... } +# 21| 0: [IfStmt] if (...) +# 21| 0: [EQExpr] ... == ... +# 21| 0: [AndBitwiseExpr] ... & ... +# 21| 0: [IntegerLiteral] 2 +# 21| 1: [VarAccess] p6 +# 21| 1: [IntegerLiteral] 0 +# 21| 1: [ExprStmt] ; +# 21| 0: [AssignExpr] ...=... +# 21| 0: [VarAccess] p2 +# 21| 1: [MethodAccess] getString(...) +# 21| -1: [TypeAccess] TestKt +# 21| 1: [IfStmt] if (...) +# 21| 0: [EQExpr] ... == ... +# 21| 0: [AndBitwiseExpr] ... & ... +# 21| 0: [IntegerLiteral] 8 +# 21| 1: [VarAccess] p6 +# 21| 1: [IntegerLiteral] 0 +# 21| 1: [ExprStmt] ; +# 21| 0: [AssignExpr] ...=... +# 21| 0: [VarAccess] p4 +# 21| 1: [FloatLiteral] 1.0 +# 21| 2: [ReturnStmt] return ... +# 21| 0: [MethodAccess] testCompanionFunction(...) +# 21| -1: [VarAccess] p0 +# 21| 0: [VarAccess] p1 +# 21| 1: [VarAccess] p2 +# 21| 2: [VarAccess] p3 +# 21| 3: [VarAccess] p4 +# 21| 4: [VarAccess] p5 +# 24| 6: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 2: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [ThisAccess] this +# 24| 0: [VarAccess] a +# 24| 1: [MethodAccess] getString(...) +# 24| -1: [TypeAccess] TestKt +# 24| 2: [VarAccess] c +# 24| 3: [FloatLiteral] 1.0 +# 24| 4: [VarAccess] e +# 24| 7: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] b +# 24| 0: [TypeAccess] String +# 24| 2: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 3: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [ThisAccess] this +# 24| 0: [VarAccess] a +# 24| 1: [VarAccess] b +# 24| 2: [VarAccess] c +# 24| 3: [FloatLiteral] 1.0 +# 24| 4: [VarAccess] e +# 24| 8: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] b +# 24| 0: [TypeAccess] String +# 24| 2: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 3: [Parameter] d +# 24| 0: [TypeAccess] float +# 24| 4: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [VarAccess] a +# 24| 9: [Method] testStaticCompanionFunction$default +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] p0 +# 24| 0: [TypeAccess] Companion +# 24| 1: [Parameter] p1 +# 24| 0: [TypeAccess] int +# 24| 2: [Parameter] p2 +# 24| 0: [TypeAccess] String +# 24| 3: [Parameter] p3 +# 24| 0: [TypeAccess] double +# 24| 4: [Parameter] p4 +# 24| 0: [TypeAccess] float +# 24| 5: [Parameter] p5 +# 24| 0: [TypeAccess] boolean +# 24| 6: [Parameter] p6 +# 24| 0: [TypeAccess] int +# 24| 7: [Parameter] p7 +# 24| 0: [TypeAccess] Object +# 24| 5: [BlockStmt] { ... } +# 24| 0: [IfStmt] if (...) +# 24| 0: [EQExpr] ... == ... +# 24| 0: [AndBitwiseExpr] ... & ... +# 24| 0: [IntegerLiteral] 2 +# 24| 1: [VarAccess] p6 +# 24| 1: [IntegerLiteral] 0 +# 24| 1: [ExprStmt] ; +# 24| 0: [AssignExpr] ...=... +# 24| 0: [VarAccess] p2 +# 24| 1: [MethodAccess] getString(...) +# 24| -1: [TypeAccess] TestKt +# 24| 1: [IfStmt] if (...) +# 24| 0: [EQExpr] ... == ... +# 24| 0: [AndBitwiseExpr] ... & ... +# 24| 0: [IntegerLiteral] 8 +# 24| 1: [VarAccess] p6 +# 24| 1: [IntegerLiteral] 0 +# 24| 1: [ExprStmt] ; +# 24| 0: [AssignExpr] ...=... +# 24| 0: [VarAccess] p4 +# 24| 1: [FloatLiteral] 1.0 +# 24| 2: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [VarAccess] p0 +# 24| 0: [VarAccess] p1 +# 24| 1: [VarAccess] p2 +# 24| 2: [VarAccess] p3 +# 24| 3: [VarAccess] p4 +# 24| 4: [VarAccess] p5 +# 24| 6: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 2: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [ThisAccess] this +# 24| 0: [VarAccess] a +# 24| 1: [MethodAccess] getString(...) +# 24| -1: [TypeAccess] TestKt +# 24| 2: [VarAccess] c +# 24| 3: [FloatLiteral] 1.0 +# 24| 4: [VarAccess] e +# 24| 7: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] b +# 24| 0: [TypeAccess] String +# 24| 2: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 3: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [ThisAccess] this +# 24| 0: [VarAccess] a +# 24| 1: [VarAccess] b +# 24| 2: [VarAccess] c +# 24| 3: [FloatLiteral] 1.0 +# 24| 4: [VarAccess] e +# 24| 8: [Method] testStaticCompanionFunction +# 24| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 24| 0: [Parameter] a +# 24| 0: [TypeAccess] int +# 24| 1: [Parameter] b +# 24| 0: [TypeAccess] String +# 24| 2: [Parameter] c +# 24| 0: [TypeAccess] double +# 24| 3: [Parameter] d +# 24| 0: [TypeAccess] float +# 24| 4: [Parameter] e +# 24| 0: [TypeAccess] boolean +# 24| 5: [BlockStmt] { ... } +# 24| 0: [ReturnStmt] return ... +# 24| 0: [MethodAccess] testStaticCompanionFunction(...) +# 24| -1: [VarAccess] Test2.Companion +# 24| -1: [TypeAccess] Test2 +# 24| 0: [VarAccess] a +# 24| 1: [VarAccess] b +# 24| 2: [VarAccess] c +# 24| 3: [VarAccess] d +# 24| 4: [VarAccess] e +# 30| 4: [Class,GenericType,ParameterizedType] GenericTest +#-----| -2: (Generic Parameters) +# 30| 0: [TypeVariable] T +# 30| 1: [Constructor] GenericTest +#-----| 4: (Parameters) +# 30| 0: [Parameter] b +# 30| 0: [TypeAccess] T +# 30| 1: [Parameter] d +# 30| 0: [TypeAccess] T +# 30| 5: [BlockStmt] { ... } +# 30| 0: [ThisConstructorInvocationStmt] this(...) +# 30| 0: [IntegerLiteral] 1 +# 30| 1: [VarAccess] b +# 30| 2: [StringLiteral] Hello world +# 30| 3: [VarAccess] d +# 30| 2: [Constructor] GenericTest +#-----| 4: (Parameters) +# 30| 0: [Parameter] a +# 30| 0: [TypeAccess] int +# 30| 1: [Parameter] b +# 30| 0: [TypeAccess] T +# 30| 2: [Parameter] d +# 30| 0: [TypeAccess] T +# 30| 5: [BlockStmt] { ... } +# 30| 0: [ThisConstructorInvocationStmt] this(...) +# 30| 0: [VarAccess] a +# 30| 1: [VarAccess] b +# 30| 2: [StringLiteral] Hello world +# 30| 3: [VarAccess] d +# 30| 3: [Constructor] GenericTest +#-----| 4: (Parameters) +# 30| 0: [Parameter] a +# 30| 0: [TypeAccess] int +# 30| 1: [Parameter] b +# 30| 0: [TypeAccess] T +# 30| 2: [Parameter] c +# 30| 0: [TypeAccess] String +# 30| 3: [Parameter] d +# 30| 0: [TypeAccess] T +# 30| 5: [BlockStmt] { ... } +# 30| 0: [SuperConstructorInvocationStmt] super(...) +# 30| 1: [BlockStmt] { ... } +# 30| 4: [Constructor] GenericTest +#-----| 4: (Parameters) +# 30| 0: [Parameter] p0 +# 30| 0: [TypeAccess] int +# 30| 1: [Parameter] p1 +# 30| 0: [TypeAccess] Object +# 30| 2: [Parameter] p2 +# 30| 0: [TypeAccess] String +# 30| 3: [Parameter] p3 +# 30| 0: [TypeAccess] Object +# 30| 4: [Parameter] p4 +# 30| 0: [TypeAccess] int +# 30| 5: [Parameter] p5 +# 30| 0: [TypeAccess] DefaultConstructorMarker +# 30| 5: [BlockStmt] { ... } +# 30| 0: [IfStmt] if (...) +# 30| 0: [EQExpr] ... == ... +# 30| 0: [AndBitwiseExpr] ... & ... +# 30| 0: [IntegerLiteral] 1 +# 30| 1: [VarAccess] p4 +# 30| 1: [IntegerLiteral] 0 +# 30| 1: [ExprStmt] ; +# 30| 0: [AssignExpr] ...=... +# 30| 0: [VarAccess] p0 +# 30| 1: [IntegerLiteral] 1 +# 30| 1: [IfStmt] if (...) +# 30| 0: [EQExpr] ... == ... +# 30| 0: [AndBitwiseExpr] ... & ... +# 30| 0: [IntegerLiteral] 4 +# 30| 1: [VarAccess] p4 +# 30| 1: [IntegerLiteral] 0 +# 30| 1: [ExprStmt] ; +# 30| 0: [AssignExpr] ...=... +# 30| 0: [VarAccess] p2 +# 30| 1: [StringLiteral] Hello world +# 30| 2: [ThisConstructorInvocationStmt] this(...) +# 30| 0: [VarAccess] p0 +# 30| 1: [VarAccess] p1 +# 30| 2: [VarAccess] p2 +# 30| 3: [VarAccess] p3 +# 33| 5: [Method] testMemberFunction +# 33| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 33| 0: [Parameter] b +# 33| 0: [TypeAccess] T +# 33| 1: [Parameter] d +# 33| 0: [TypeAccess] T +# 33| 5: [BlockStmt] { ... } +# 33| 0: [ReturnStmt] return ... +# 33| 0: [MethodAccess] testMemberFunction(...) +# 33| -1: [ThisAccess] this +# 33| 0: [IntegerLiteral] 1 +# 33| 1: [VarAccess] b +# 33| 2: [StringLiteral] Hello world +# 33| 3: [VarAccess] d +# 33| 6: [Method] testMemberFunction +# 33| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 33| 0: [Parameter] a +# 33| 0: [TypeAccess] int +# 33| 1: [Parameter] b +# 33| 0: [TypeAccess] T +# 33| 2: [Parameter] d +# 33| 0: [TypeAccess] T +# 33| 5: [BlockStmt] { ... } +# 33| 0: [ReturnStmt] return ... +# 33| 0: [MethodAccess] testMemberFunction(...) +# 33| -1: [ThisAccess] this +# 33| 0: [VarAccess] a +# 33| 1: [VarAccess] b +# 33| 2: [StringLiteral] Hello world +# 33| 3: [VarAccess] d +# 33| 7: [Method] testMemberFunction +# 33| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 33| 0: [Parameter] a +# 33| 0: [TypeAccess] int +# 33| 1: [Parameter] b +# 33| 0: [TypeAccess] T +# 33| 2: [Parameter] c +# 33| 0: [TypeAccess] String +# 33| 3: [Parameter] d +# 33| 0: [TypeAccess] T +# 33| 5: [BlockStmt] { ... } +# 33| 0: [ReturnStmt] return ... +# 33| 0: [VarAccess] a +# 33| 8: [Method] testMemberFunction$default +# 33| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 33| 0: [Parameter] p0 +# 33| 0: [TypeAccess] GenericTest<> +# 33| 1: [Parameter] p1 +# 33| 0: [TypeAccess] int +# 33| 2: [Parameter] p2 +# 33| 0: [TypeAccess] Object +# 33| 3: [Parameter] p3 +# 33| 0: [TypeAccess] String +# 33| 4: [Parameter] p4 +# 33| 0: [TypeAccess] Object +# 33| 5: [Parameter] p5 +# 33| 0: [TypeAccess] int +# 33| 6: [Parameter] p6 +# 33| 0: [TypeAccess] Object +# 33| 5: [BlockStmt] { ... } +# 33| 0: [IfStmt] if (...) +# 33| 0: [EQExpr] ... == ... +# 33| 0: [AndBitwiseExpr] ... & ... +# 33| 0: [IntegerLiteral] 1 +# 33| 1: [VarAccess] p5 +# 33| 1: [IntegerLiteral] 0 +# 33| 1: [ExprStmt] ; +# 33| 0: [AssignExpr] ...=... +# 33| 0: [VarAccess] p1 +# 33| 1: [IntegerLiteral] 1 +# 33| 1: [IfStmt] if (...) +# 33| 0: [EQExpr] ... == ... +# 33| 0: [AndBitwiseExpr] ... & ... +# 33| 0: [IntegerLiteral] 4 +# 33| 1: [VarAccess] p5 +# 33| 1: [IntegerLiteral] 0 +# 33| 1: [ExprStmt] ; +# 33| 0: [AssignExpr] ...=... +# 33| 0: [VarAccess] p3 +# 33| 1: [StringLiteral] Hello world +# 33| 2: [ReturnStmt] return ... +# 33| 0: [MethodAccess] testMemberFunction(...) +# 33| -1: [VarAccess] p0 +# 33| 0: [VarAccess] p1 +# 33| 1: [VarAccess] p2 +# 33| 2: [VarAccess] p3 +# 33| 3: [VarAccess] p4 +# 35| 9: [Method] useSpecialised +# 35| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 35| 0: [Parameter] spec1 +# 35| 0: [TypeAccess] GenericTest +# 35| 0: [TypeAccess] Float +# 35| 1: [Parameter] spec2 +# 35| 0: [TypeAccess] GenericTest +# 35| 0: [TypeAccess] Double +# 35| 5: [BlockStmt] { ... } +# 37| 0: [ExprStmt] ; +# 37| 0: [ImplicitCoercionToUnitExpr] +# 37| 0: [TypeAccess] Unit +# 37| 1: [MethodAccess] testMemberFunction(...) +# 37| -1: [VarAccess] spec1 +# 37| 0: [IntegerLiteral] 1 +# 37| 1: [FloatLiteral] 1.0 +# 37| 2: [StringLiteral] Hello world +# 37| 3: [FloatLiteral] 2.0 +# 38| 1: [ExprStmt] ; +# 38| 0: [ImplicitCoercionToUnitExpr] +# 38| 0: [TypeAccess] Unit +# 38| 1: [MethodAccess] testMemberFunction(...) +# 38| -1: [VarAccess] spec2 +# 38| 0: [IntegerLiteral] 1 +# 38| 1: [DoubleLiteral] 1.0 +# 38| 2: [StringLiteral] Hello world +# 38| 3: [DoubleLiteral] 2.0 diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.qlref b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected new file mode 100644 index 00000000000..00654e8929f --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected @@ -0,0 +1,57 @@ +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(int,java.lang.Double,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(int,java.lang.Double,java.lang.String,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(java.lang.Double,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(int,java.lang.Double,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(int,java.lang.Double,java.lang.String,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(java.lang.Double,java.lang.Double) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | useSpecialised | useSpecialised(GenericTest,GenericTest) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(int,java.lang.Float,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(int,java.lang.Float,java.lang.String,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | GenericTest(java.lang.Float,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(int,java.lang.Float,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(int,java.lang.Float,java.lang.String,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | testMemberFunction | testMemberFunction(java.lang.Float,java.lang.Float) | +| file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | GenericTest | file:///!unknown-binary-location/GenericTest.class:0:0:0:0 | useSpecialised | useSpecialised(GenericTest,GenericTest) | +| test.kt:0:0:0:0 | TestKt | test.kt:1:1:1:31 | getString | getString() | +| test.kt:0:0:0:0 | TestKt | test.kt:45:1:45:112 | testExtensionFunction | testExtensionFunction(Test,int,double,boolean) | +| test.kt:0:0:0:0 | TestKt | test.kt:45:1:45:112 | testExtensionFunction | testExtensionFunction(Test,int,java.lang.String,double,boolean) | +| test.kt:0:0:0:0 | TestKt | test.kt:45:1:45:112 | testExtensionFunction | testExtensionFunction(Test,int,java.lang.String,double,float,boolean) | +| test.kt:0:0:0:0 | TestKt | test.kt:45:1:45:112 | testExtensionFunction$default | testExtensionFunction$default(Test,int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:3:1:14:1 | Test | test.kt:3:1:14:1 | Test | Test() | +| test.kt:3:1:14:1 | Test | test.kt:6:3:6:106 | testStaticFunction | testStaticFunction(int,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:6:3:6:106 | testStaticFunction | testStaticFunction(int,java.lang.String,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:6:3:6:106 | testStaticFunction | testStaticFunction(int,java.lang.String,double,float,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:6:3:6:106 | testStaticFunction$default | testStaticFunction$default(int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:3:1:14:1 | Test | test.kt:9:3:9:106 | testMemberFunction | testMemberFunction(int,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:9:3:9:106 | testMemberFunction | testMemberFunction(int,java.lang.String,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:9:3:9:106 | testMemberFunction | testMemberFunction(int,java.lang.String,double,float,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:9:3:9:106 | testMemberFunction$default | testMemberFunction$default(Test,int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,java.lang.String,double,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,java.lang.String,double,float,boolean) | +| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction$default | testMemberExtensionFunction$default(Test2,Test,int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,double,boolean) | +| test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,java.lang.String,double,boolean) | +| test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,java.lang.String,double,float,boolean) | +| test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,java.lang.String,double,float,boolean,int,kotlin.jvm.internal.DefaultConstructorMarker) | +| test.kt:16:1:28:1 | Test2 | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,double,boolean) | +| test.kt:16:1:28:1 | Test2 | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,java.lang.String,double,boolean) | +| test.kt:16:1:28:1 | Test2 | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,java.lang.String,double,float,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:18:3:26:3 | Companion | Companion() | +| test.kt:18:3:26:3 | Companion | test.kt:21:5:21:111 | testCompanionFunction | testCompanionFunction(int,double,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:21:5:21:111 | testCompanionFunction | testCompanionFunction(int,java.lang.String,double,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:21:5:21:111 | testCompanionFunction | testCompanionFunction(int,java.lang.String,double,float,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:21:5:21:111 | testCompanionFunction$default | testCompanionFunction$default(Test2.Companion,int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:18:3:26:3 | Companion | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,double,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,java.lang.String,double,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:24:5:24:117 | testStaticCompanionFunction | testStaticCompanionFunction(int,java.lang.String,double,float,boolean) | +| test.kt:18:3:26:3 | Companion | test.kt:24:5:24:117 | testStaticCompanionFunction$default | testStaticCompanionFunction$default(Test2.Companion,int,java.lang.String,double,float,boolean,int,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:30:43:42:1 | GenericTest | GenericTest(int,java.lang.Object,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:30:43:42:1 | GenericTest | GenericTest(int,java.lang.Object,java.lang.String,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:30:43:42:1 | GenericTest | GenericTest(int,java.lang.Object,java.lang.String,java.lang.Object,int,kotlin.jvm.internal.DefaultConstructorMarker) | +| test.kt:30:1:42:1 | GenericTest | test.kt:30:43:42:1 | GenericTest | GenericTest(java.lang.Object,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:33:3:33:84 | testMemberFunction | testMemberFunction(int,java.lang.Object,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:33:3:33:84 | testMemberFunction | testMemberFunction(int,java.lang.Object,java.lang.String,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:33:3:33:84 | testMemberFunction | testMemberFunction(java.lang.Object,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:33:3:33:84 | testMemberFunction$default | testMemberFunction$default(GenericTest,int,java.lang.Object,java.lang.String,java.lang.Object,int,java.lang.Object) | +| test.kt:30:1:42:1 | GenericTest | test.kt:35:3:40:3 | useSpecialised | useSpecialised(GenericTest,GenericTest) | diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.kt b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.kt new file mode 100644 index 00000000000..131fc6b8b68 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.kt @@ -0,0 +1,45 @@ +fun getString() = "Hello world" + +object Test { + + @JvmOverloads @JvmStatic + fun testStaticFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a + + @JvmOverloads + fun testMemberFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a + + @JvmOverloads + fun Test2.testMemberExtensionFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a + +} + +public class Test2 @JvmOverloads constructor(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean) { + + companion object { + + @JvmOverloads + fun testCompanionFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a + + @JvmOverloads @JvmStatic + fun testStaticCompanionFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a + + } + +} + +public class GenericTest @JvmOverloads constructor(a: Int = 1, b: T, c: String = "Hello world", d: T) { + + @JvmOverloads + fun testMemberFunction(a: Int = 1, b: T, c: String = "Hello world", d: T): Int = a + + fun useSpecialised(spec1: GenericTest, spec2: GenericTest) { + + spec1.testMemberFunction(1, 1.0f, "Hello world", 2.0f) + spec2.testMemberFunction(1, 1.0, "Hello world", 2.0) + + } + +} + +@JvmOverloads +fun Test.testExtensionFunction(a: Int, b: String = getString(), c: Double, d: Float = 1.0f, e: Boolean): Int = a diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.ql b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.ql new file mode 100644 index 00000000000..1ad74fa2a99 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.ql @@ -0,0 +1,5 @@ +import java + +from Callable c +where c.getSourceDeclaration().fromSource() +select c.getDeclaringType(), c, c.getSignature() diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/User.java b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/User.java new file mode 100644 index 00000000000..aa739ed1b84 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/User.java @@ -0,0 +1,43 @@ +public class User { + + public static String source() { return "taint"; } + + public static void test(Test2 t2, GenericTest gt, TestDefaultParameterReference paramRefTest) { + + Test.taintSuppliedAsDefault(1, "no taint", 2); + Test.taintSuppliedAsDefault(1, 2); + Test.noTaintByDefault(1, source(), 2, 3); + Test.noTaintByDefault(1, source(), 2); + + Test2.taintSuppliedAsDefaultStatic(1, "no taint", 2); + Test2.taintSuppliedAsDefaultStatic(1, 2); + Test2.noTaintByDefaultStatic(1, source(), 2, 3); + Test2.noTaintByDefaultStatic(1, source(), 2); + + t2.taintSuppliedAsDefault(1, "no taint", 2); + t2.taintSuppliedAsDefault(1, 2); + t2.noTaintByDefault(1, source(), 2, 3); + t2.noTaintByDefault(1, source(), 2); + + gt.taintSuppliedAsDefault(1, "no taint", 2); + gt.taintSuppliedAsDefault(1, 2); + gt.noTaintByDefault(1, source(), 2, 3); + gt.noTaintByDefault(1, source(), 2); + + new ConstructorTaintsByDefault(1, "no taint", 2); + new ConstructorTaintsByDefault(1, 2); + new ConstructorDoesNotTaintByDefault(1, source(), 2, 3); + new ConstructorDoesNotTaintByDefault(1, source(), 2); + + new GenericConstructorTaintsByDefault(1, "no taint", 2); + new GenericConstructorTaintsByDefault(1, 2); + new GenericConstructorDoesNotTaintByDefault(1, source(), 2, 3); + new GenericConstructorDoesNotTaintByDefault(1, source(), 2); + + paramRefTest.f(source(), "no flow"); + paramRefTest.f("flow", source()); + paramRefTest.f(source()); // Should also have flow due to the default for the second parameter being the value of the first + + } + +} diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.expected b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.expected new file mode 100644 index 00000000000..d2740fc010a --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.expected @@ -0,0 +1,27 @@ +| User.java:9:30:9:37 | source(...) | test.kt:13:97:13:97 | s | User.java:5:22:5:25 | test | +| User.java:10:30:10:37 | source(...) | test.kt:13:97:13:97 | s | User.java:5:22:5:25 | test | +| User.java:14:37:14:44 | source(...) | test.kt:25:105:25:105 | s | User.java:5:22:5:25 | test | +| User.java:15:37:15:44 | source(...) | test.kt:25:105:25:105 | s | User.java:5:22:5:25 | test | +| User.java:19:28:19:35 | source(...) | test.kt:33:97:33:97 | s | User.java:5:22:5:25 | test | +| User.java:20:28:20:35 | source(...) | test.kt:33:97:33:97 | s | User.java:5:22:5:25 | test | +| User.java:24:28:24:35 | source(...) | test.kt:43:93:43:93 | s | User.java:5:22:5:25 | test | +| User.java:25:28:25:35 | source(...) | test.kt:43:93:43:93 | s | User.java:5:22:5:25 | test | +| User.java:29:45:29:52 | source(...) | test.kt:58:10:58:10 | s | User.java:5:22:5:25 | test | +| User.java:30:45:30:52 | source(...) | test.kt:58:10:58:10 | s | User.java:5:22:5:25 | test | +| User.java:34:61:34:68 | source(...) | test.kt:74:10:74:10 | s | User.java:5:22:5:25 | test | +| User.java:35:61:35:68 | source(...) | test.kt:74:10:74:10 | s | User.java:5:22:5:25 | test | +| User.java:38:28:38:35 | source(...) | test.kt:84:10:84:10 | y | User.java:5:22:5:25 | test | +| User.java:39:20:39:27 | source(...) | test.kt:84:10:84:10 | y | User.java:5:22:5:25 | test | +| test.kt:10:55:10:62 | source(...) | test.kt:10:84:10:84 | s | test.kt:10:3:10:87 | taintSuppliedAsDefault | +| test.kt:10:55:10:62 | source(...) | test.kt:10:84:10:84 | s | test.kt:10:3:10:87 | taintSuppliedAsDefault$default | +| test.kt:22:63:22:70 | source(...) | test.kt:22:92:22:92 | s | test.kt:22:5:22:95 | taintSuppliedAsDefaultStatic | +| test.kt:22:63:22:70 | source(...) | test.kt:22:92:22:92 | s | test.kt:22:5:22:95 | taintSuppliedAsDefaultStatic | +| test.kt:22:63:22:70 | source(...) | test.kt:22:92:22:92 | s | test.kt:22:5:22:95 | taintSuppliedAsDefaultStatic$default | +| test.kt:30:55:30:62 | source(...) | test.kt:30:84:30:84 | s | test.kt:30:3:30:87 | taintSuppliedAsDefault | +| test.kt:30:55:30:62 | source(...) | test.kt:30:84:30:84 | s | test.kt:30:3:30:87 | taintSuppliedAsDefault$default | +| test.kt:40:53:40:60 | source(...) | test.kt:40:80:40:80 | s | test.kt:40:3:40:83 | taintSuppliedAsDefault | +| test.kt:40:53:40:60 | source(...) | test.kt:40:80:40:80 | s | test.kt:40:3:40:83 | taintSuppliedAsDefault$default | +| test.kt:47:92:47:99 | source(...) | test.kt:50:10:50:10 | s | test.kt:47:55:53:1 | ConstructorTaintsByDefault | +| test.kt:47:92:47:99 | source(...) | test.kt:50:10:50:10 | s | test.kt:47:55:53:1 | ConstructorTaintsByDefault | +| test.kt:63:100:63:107 | source(...) | test.kt:66:10:66:10 | s | test.kt:63:65:69:1 | GenericConstructorTaintsByDefault | +| test.kt:63:100:63:107 | source(...) | test.kt:66:10:66:10 | s | test.kt:63:65:69:1 | GenericConstructorTaintsByDefault | diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt new file mode 100644 index 00000000000..ff5879ebb93 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt @@ -0,0 +1,87 @@ +fun getString() = "Hello world" + +fun source() = "tainted" + +fun sink(s: String) { } + +object Test { + + @JvmOverloads @JvmStatic + fun taintSuppliedAsDefault(before: Int, s: String = source(), after: Int) { sink(s) } + + @JvmOverloads @JvmStatic + fun noTaintByDefault(before: Int, s: String = "no taint", after: Int, after2: Int = 1) { sink(s) } + +} + +public class Test2 { + + companion object { + + @JvmOverloads @JvmStatic + fun taintSuppliedAsDefaultStatic(before: Int, s: String = source(), after: Int) { sink(s) } + + @JvmOverloads @JvmStatic + fun noTaintByDefaultStatic(before: Int, s: String = "no taint", after: Int, after2: Int = 1) { sink(s) } + + } + + @JvmOverloads + fun taintSuppliedAsDefault(before: Int, s: String = source(), after: Int) { sink(s) } + + @JvmOverloads + fun noTaintByDefault(before: Int, s: String = "no taint", after: Int, after2: Int = 1) { sink(s) } + +} + +public class GenericTest { + + @JvmOverloads + fun taintSuppliedAsDefault(before: T, s: String = source(), after: T) { sink(s) } + + @JvmOverloads + fun noTaintByDefault(before: T, s: String = "no taint", after: T, after2: Int = 1) { sink(s) } + +} + +public class ConstructorTaintsByDefault @JvmOverloads constructor(before: Int, s: String = source(), after: Int) { + + init { + sink(s) + } + +} + +public class ConstructorDoesNotTaintByDefault @JvmOverloads constructor(before: Int, s: String = "no taint", after: Int, after2: Int = 1) { + + init { + sink(s) + } + +} + +public class GenericConstructorTaintsByDefault @JvmOverloads constructor(before: T, s: String = source(), after: T) { + + init { + sink(s) + } + +} + +public class GenericConstructorDoesNotTaintByDefault @JvmOverloads constructor(before: T, s: String = "no taint", after: T, after2: T? = null) { + + init { + sink(s) + } + +} + +fun ident(s: String) = s + +public class TestDefaultParameterReference { + + @JvmOverloads fun f(x: String, y: String = ident(x)) { + sink(y) + } + +} diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql new file mode 100644 index 00000000000..05bdca7b7c9 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql @@ -0,0 +1,18 @@ +import java +import semmle.code.java.dataflow.DataFlow + +class Config extends DataFlow::Configuration { + Config() { this = "config" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getCallee().getName() = "source" + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().getName() = "sink" + } +} + +from Config c, DataFlow::Node source, DataFlow::Node sink +where c.hasFlow(source, sink) +select source, sink, source.getEnclosingCallable() diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/User.java b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/User.java new file mode 100644 index 00000000000..04ae091ab7f --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/User.java @@ -0,0 +1,9 @@ +public class User { + + public static void test(A a) { + + a.genericFunctionWithOverloads(null, null); + + } + +} diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.expected b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.expected new file mode 100644 index 00000000000..7bd54989bcf --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.expected @@ -0,0 +1,9 @@ +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads() | return | T | genericFunctionWithOverloads() | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object) | param | T | genericFunctionWithOverloads(java.lang.Object) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object) | return | T | genericFunctionWithOverloads(java.lang.Object) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List) | param | List | genericFunctionWithOverloads(java.lang.Object,java.util.List) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List) | param | T | genericFunctionWithOverloads(java.lang.Object,java.util.List) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List) | return | T | genericFunctionWithOverloads(java.lang.Object,java.util.List) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | param | List | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | param | T | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | +| test.kt:4:3:4:94 | genericFunctionWithOverloads | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | return | T | genericFunctionWithOverloads(java.lang.Object,java.util.List,java.lang.Object) | diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt new file mode 100644 index 00000000000..3e5ced39c3f --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt @@ -0,0 +1,6 @@ +public class A { + + @JvmOverloads + fun genericFunctionWithOverloads(x: T? = null, y: List? = null, z: T? = null): T? = z + +} diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.ql b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.ql new file mode 100644 index 00000000000..d61705a10f8 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.ql @@ -0,0 +1,16 @@ +import java + +from Method m, string kind, Type t +where + m.fromSource() and + ( + kind = "param" and t = m.getAParamType() + or + kind = "return" and t = m.getReturnType() + ) +// 't.(ParameterizedType).getATypeArgument().(Wildcard).getUpperBound().getType()' is pulling the 'T' out of 'List' +select m, m.getSignature(), kind, t.toString(), + [t, t.(ParameterizedType).getATypeArgument().(Wildcard).getUpperBound().getType()] + .(TypeVariable) + .getGenericCallable() + .getSignature() diff --git a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected new file mode 100644 index 00000000000..c2119ec6123 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected @@ -0,0 +1,94 @@ +test.kt: +# 0| [CompilationUnit] test +# 1| 1: [Class] LateInit +# 1| 1: [Constructor] LateInit +# 1| 5: [BlockStmt] { ... } +# 1| 0: [SuperConstructorInvocationStmt] super(...) +# 1| 1: [BlockStmt] { ... } +# 2| 2: [FieldDeclaration] LateInit test0; +# 2| -1: [TypeAccess] LateInit +# 2| 3: [Method] getTest0$private +# 2| 3: [TypeAccess] LateInit +# 2| 5: [BlockStmt] { ... } +# 2| 0: [ReturnStmt] return ... +# 2| 0: [VarAccess] this.test0 +# 2| -1: [ThisAccess] this +# 2| 4: [Method] setTest0$private +# 2| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 2| 0: [Parameter] +# 2| 0: [TypeAccess] LateInit +# 2| 5: [BlockStmt] { ... } +# 2| 0: [ExprStmt] ; +# 2| 0: [AssignExpr] ...=... +# 2| 0: [VarAccess] this.test0 +# 2| -1: [ThisAccess] this +# 2| 1: [VarAccess] +# 4| 5: [Method] f +# 4| 3: [TypeAccess] Unit +# 4| 5: [BlockStmt] { ... } +# 4| 0: [ReturnStmt] return ... +# 4| 0: [MethodAccess] println(...) +# 4| -1: [TypeAccess] ConsoleKt +# 4| 0: [StringLiteral] a +# 6| 6: [Method] init +# 6| 3: [TypeAccess] LateInit +# 6| 5: [BlockStmt] { ... } +# 6| 0: [ReturnStmt] return ... +# 6| 0: [ClassInstanceExpr] new LateInit(...) +# 6| -3: [TypeAccess] LateInit +# 8| 7: [Method] fn +# 8| 3: [TypeAccess] Unit +# 8| 5: [BlockStmt] { ... } +# 9| 0: [ExprStmt] ; +# 9| 0: [MethodAccess] f(...) +# 9| -1: [MethodAccess] getTest0$private(...) +# 9| -1: [ThisAccess] this +# 10| 1: [ExprStmt] ; +# 10| 0: [WhenExpr] when ... +# 10| 0: [WhenBranch] ... -> ... +# 10| 0: [MethodAccess] isInitialized(...) +# 10| -1: [TypeAccess] LateinitKt +# 10| 0: [PropertyRefExpr] ...::... +# 10| -4: [AnonymousClass] new KMutableProperty0(...) { ... } +# 10| 1: [Constructor] +#-----| 4: (Parameters) +# 10| 0: [Parameter] +# 10| 5: [BlockStmt] { ... } +# 10| 0: [SuperConstructorInvocationStmt] super(...) +# 10| 1: [ExprStmt] ; +# 10| 0: [AssignExpr] ...=... +# 10| 0: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 1: [VarAccess] +# 10| 2: [FieldDeclaration] LateInit ; +# 10| -1: [TypeAccess] LateInit +# 10| 3: [Method] get +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] getTest0$private(...) +# 10| -1: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 4: [Method] invoke +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] get(...) +# 10| -1: [ThisAccess] this +# 10| 5: [Method] set +#-----| 4: (Parameters) +# 10| 0: [Parameter] a0 +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] setTest0$private(...) +# 10| -1: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 0: [VarAccess] a0 +# 10| -3: [TypeAccess] KMutableProperty0 +# 10| 0: [TypeAccess] LateInit +# 10| 0: [ThisAccess] this +# 10| 1: [BlockStmt] { ... } +# 13| 2: [LocalVariableDeclStmt] var ...; +# 13| 1: [LocalVariableDeclExpr] test1 +# 14| 3: [ExprStmt] ; +# 14| 0: [MethodAccess] f(...) +# 14| -1: [VarAccess] test1 diff --git a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.expected b/java/ql/test/kotlin/library-tests/lateinit/test.expected new file mode 100644 index 00000000000..e3761785021 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.expected @@ -0,0 +1,8 @@ +| test.kt:4:15:4:26 | println(...) | file:///ConsoleKt.class:0:0:0:0 | println | +| test.kt:9:9:9:13 | getTest0$private(...) | test.kt:2:22:2:40 | getTest0$private | +| test.kt:9:15:9:17 | f(...) | test.kt:4:5:4:26 | f | +| test.kt:10:13:10:23 | get(...) | test.kt:10:13:10:23 | get | +| test.kt:10:13:10:23 | getTest0$private(...) | test.kt:2:22:2:40 | getTest0$private | +| test.kt:10:13:10:23 | setTest0$private(...) | test.kt:2:22:2:40 | setTest0$private | +| test.kt:10:25:10:37 | isInitialized(...) | file:///LateinitKt.class:0:0:0:0 | isInitialized | +| test.kt:14:15:14:17 | f(...) | test.kt:4:5:4:26 | f | diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.kt b/java/ql/test/kotlin/library-tests/lateinit/test.kt new file mode 100644 index 00000000000..3312f67511c --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.kt @@ -0,0 +1,16 @@ +public class LateInit { + private lateinit var test0: LateInit + + fun f() = println("a") + + fun init() = LateInit() + + fun fn() { + test0.f() // This is preceded by a null-check and a throw in bytecode, in IR it's a simple call + if (this::test0.isInitialized) { // This is converted to a null-check in bytecode, in IR it's a call to `LateinitKt.isInitialized` + } + + lateinit var test1: LateInit + test1.f() // This is replaced by `Intrinsics.throwUninitializedPropertyAccessException` in bytecode, in IR it's a simple call + } +} diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.ql b/java/ql/test/kotlin/library-tests/lateinit/test.ql new file mode 100644 index 00000000000..5f4a458da95 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.ql @@ -0,0 +1,13 @@ +import java + +class MethodLocation extends Method { + override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) { + exists(string fullPath | super.hasLocationInfo(fullPath, sl, sc, el, ec) | + if exists(this.getFile().getRelativePath()) + then path = fullPath + else path = fullPath.regexpReplaceAll(".*/", "/") + ) + } +} + +query predicate calls(MethodAccess ma, Method m) { ma.getMethod() = m } diff --git a/java/ql/test/kotlin/library-tests/methods/clinit.expected b/java/ql/test/kotlin/library-tests/methods/clinit.expected index ea5b5392d82..3bf5f170f08 100644 --- a/java/ql/test/kotlin/library-tests/methods/clinit.expected +++ b/java/ql/test/kotlin/library-tests/methods/clinit.expected @@ -1,2 +1,3 @@ | clinit.kt:0:0:0:0 | | file://:0:0:0:0 | void | | enumClass.kt:0:0:0:0 | | file://:0:0:0:0 | void | +| enumClass.kt:0:0:0:0 | | file://:0:0:0:0 | void | diff --git a/java/ql/test/kotlin/library-tests/methods/enumClass.kt b/java/ql/test/kotlin/library-tests/methods/enumClass.kt index 89568c0d5f4..9f3acad608a 100644 --- a/java/ql/test/kotlin/library-tests/methods/enumClass.kt +++ b/java/ql/test/kotlin/library-tests/methods/enumClass.kt @@ -2,3 +2,15 @@ enum class EnumClass(val v: Int) { enum1(1), enum2(1) } + +enum class EnumWithFunctions { + + VAL { + override fun f(i: Int) = i + override fun g(i: Int) = this.f(i) + i + }; + + abstract fun f(i: Int): Int + abstract fun g(i: Int): Int + +} diff --git a/java/ql/test/kotlin/library-tests/methods/exprs.expected b/java/ql/test/kotlin/library-tests/methods/exprs.expected index 46cae76c81c..bf15f66b6ef 100644 --- a/java/ql/test/kotlin/library-tests/methods/exprs.expected +++ b/java/ql/test/kotlin/library-tests/methods/exprs.expected @@ -12,25 +12,42 @@ | clinit.kt:3:1:3:24 | int | TypeAccess | | clinit.kt:3:1:3:24 | int | TypeAccess | | clinit.kt:3:24:3:24 | 0 | IntegerLiteral | +| dataClass.kt:0:0:0:0 | 0 | IntegerLiteral | +| dataClass.kt:0:0:0:0 | 0 | IntegerLiteral | +| dataClass.kt:0:0:0:0 | 1 | IntegerLiteral | +| dataClass.kt:0:0:0:0 | 2 | IntegerLiteral | | dataClass.kt:0:0:0:0 | 31 | IntegerLiteral | | dataClass.kt:0:0:0:0 | "..." | StringTemplateExpr | | dataClass.kt:0:0:0:0 | (...)... | CastExpr | | dataClass.kt:0:0:0:0 | ) | StringLiteral | | dataClass.kt:0:0:0:0 | , | StringLiteral | | dataClass.kt:0:0:0:0 | ... !is ... | NotInstanceOfExpr | +| dataClass.kt:0:0:0:0 | ... & ... | AndBitwiseExpr | +| dataClass.kt:0:0:0:0 | ... & ... | AndBitwiseExpr | | dataClass.kt:0:0:0:0 | ... (value not-equals) ... | ValueNEExpr | | dataClass.kt:0:0:0:0 | ... (value not-equals) ... | ValueNEExpr | +| dataClass.kt:0:0:0:0 | ... * ... | MulExpr | +| dataClass.kt:0:0:0:0 | ... + ... | AddExpr | +| dataClass.kt:0:0:0:0 | ... == ... | EQExpr | +| dataClass.kt:0:0:0:0 | ... == ... | EQExpr | | dataClass.kt:0:0:0:0 | ... == ... | EQExpr | | dataClass.kt:0:0:0:0 | ...=... | AssignExpr | +| dataClass.kt:0:0:0:0 | ...=... | AssignExpr | +| dataClass.kt:0:0:0:0 | ...=... | AssignExpr | +| dataClass.kt:0:0:0:0 | DataClass | TypeAccess | +| dataClass.kt:0:0:0:0 | DataClass | TypeAccess | | dataClass.kt:0:0:0:0 | DataClass | TypeAccess | | dataClass.kt:0:0:0:0 | DataClass | TypeAccess | | dataClass.kt:0:0:0:0 | DataClass | TypeAccess | | dataClass.kt:0:0:0:0 | DataClass | TypeAccess | | dataClass.kt:0:0:0:0 | DataClass( | StringLiteral | | dataClass.kt:0:0:0:0 | Object | TypeAccess | +| dataClass.kt:0:0:0:0 | Object | TypeAccess | +| dataClass.kt:0:0:0:0 | String | TypeAccess | | dataClass.kt:0:0:0:0 | String | TypeAccess | | dataClass.kt:0:0:0:0 | String | TypeAccess | | dataClass.kt:0:0:0:0 | boolean | TypeAccess | +| dataClass.kt:0:0:0:0 | copy(...) | MethodAccess | | dataClass.kt:0:0:0:0 | false | BooleanLiteral | | dataClass.kt:0:0:0:0 | false | BooleanLiteral | | dataClass.kt:0:0:0:0 | false | BooleanLiteral | @@ -38,11 +55,23 @@ | dataClass.kt:0:0:0:0 | hashCode(...) | MethodAccess | | dataClass.kt:0:0:0:0 | int | TypeAccess | | dataClass.kt:0:0:0:0 | int | TypeAccess | +| dataClass.kt:0:0:0:0 | int | TypeAccess | +| dataClass.kt:0:0:0:0 | int | TypeAccess | | dataClass.kt:0:0:0:0 | new DataClass(...) | ClassInstanceExpr | | dataClass.kt:0:0:0:0 | other | VarAccess | | dataClass.kt:0:0:0:0 | other | VarAccess | | dataClass.kt:0:0:0:0 | other | VarAccess | -| dataClass.kt:0:0:0:0 | plus(...) | MethodAccess | +| dataClass.kt:0:0:0:0 | p0 | VarAccess | +| dataClass.kt:0:0:0:0 | p0 | VarAccess | +| dataClass.kt:0:0:0:0 | p0 | VarAccess | +| dataClass.kt:0:0:0:0 | p0.x | VarAccess | +| dataClass.kt:0:0:0:0 | p0.y | VarAccess | +| dataClass.kt:0:0:0:0 | p1 | VarAccess | +| dataClass.kt:0:0:0:0 | p1 | VarAccess | +| dataClass.kt:0:0:0:0 | p2 | VarAccess | +| dataClass.kt:0:0:0:0 | p2 | VarAccess | +| dataClass.kt:0:0:0:0 | p3 | VarAccess | +| dataClass.kt:0:0:0:0 | p3 | VarAccess | | dataClass.kt:0:0:0:0 | result | LocalVariableDeclExpr | | dataClass.kt:0:0:0:0 | result | VarAccess | | dataClass.kt:0:0:0:0 | result | VarAccess | @@ -64,7 +93,6 @@ | dataClass.kt:0:0:0:0 | this.y | VarAccess | | dataClass.kt:0:0:0:0 | this.y | VarAccess | | dataClass.kt:0:0:0:0 | this.y | VarAccess | -| dataClass.kt:0:0:0:0 | times(...) | MethodAccess | | dataClass.kt:0:0:0:0 | tmp0_other_with_cast | LocalVariableDeclExpr | | dataClass.kt:0:0:0:0 | tmp0_other_with_cast | VarAccess | | dataClass.kt:0:0:0:0 | tmp0_other_with_cast | VarAccess | @@ -198,6 +226,10 @@ | enumClass.kt:0:0:0:0 | EnumClass | TypeAccess | | enumClass.kt:0:0:0:0 | EnumClass | TypeAccess | | enumClass.kt:0:0:0:0 | EnumClass[] | TypeAccess | +| enumClass.kt:0:0:0:0 | EnumWithFunctions | TypeAccess | +| enumClass.kt:0:0:0:0 | EnumWithFunctions | TypeAccess | +| enumClass.kt:0:0:0:0 | EnumWithFunctions[] | TypeAccess | +| enumClass.kt:0:0:0:0 | String | TypeAccess | | enumClass.kt:0:0:0:0 | String | TypeAccess | | enumClass.kt:1:1:4:1 | Enum | TypeAccess | | enumClass.kt:1:1:4:1 | EnumClass | TypeAccess | @@ -224,6 +256,33 @@ | enumClass.kt:3:5:3:12 | EnumClass.enum2 | VarAccess | | enumClass.kt:3:5:3:12 | new EnumClass(...) | ClassInstanceExpr | | enumClass.kt:3:11:3:11 | 1 | IntegerLiteral | +| enumClass.kt:6:1:16:1 | Enum | TypeAccess | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | TypeAccess | +| enumClass.kt:6:1:16:1 | new Enum(...) | ClassInstanceExpr | +| enumClass.kt:8:3:11:4 | ...=... | KtInitializerAssignExpr | +| enumClass.kt:8:3:11:4 | | ImplicitCoercionToUnitExpr | +| enumClass.kt:8:3:11:4 | EnumWithFunctions | TypeAccess | +| enumClass.kt:8:3:11:4 | EnumWithFunctions | TypeAccess | +| enumClass.kt:8:3:11:4 | EnumWithFunctions | TypeAccess | +| enumClass.kt:8:3:11:4 | EnumWithFunctions.VAL | VarAccess | +| enumClass.kt:8:3:11:4 | Unit | TypeAccess | +| enumClass.kt:8:3:11:4 | VAL | TypeAccess | +| enumClass.kt:8:3:11:4 | new EnumWithFunctions(...) | ClassInstanceExpr | +| enumClass.kt:8:3:11:4 | new VAL(...) | ClassInstanceExpr | +| enumClass.kt:9:14:9:30 | int | TypeAccess | +| enumClass.kt:9:20:9:25 | int | TypeAccess | +| enumClass.kt:9:30:9:30 | i | VarAccess | +| enumClass.kt:10:14:10:42 | int | TypeAccess | +| enumClass.kt:10:20:10:25 | int | TypeAccess | +| enumClass.kt:10:30:10:33 | this | ThisAccess | +| enumClass.kt:10:30:10:42 | ... + ... | AddExpr | +| enumClass.kt:10:35:10:38 | f(...) | MethodAccess | +| enumClass.kt:10:37:10:37 | i | VarAccess | +| enumClass.kt:10:42:10:42 | i | VarAccess | +| enumClass.kt:13:12:13:29 | int | TypeAccess | +| enumClass.kt:13:18:13:23 | int | TypeAccess | +| enumClass.kt:14:12:14:29 | int | TypeAccess | +| enumClass.kt:14:18:14:23 | int | TypeAccess | | methods2.kt:4:1:5:1 | Unit | TypeAccess | | methods2.kt:4:26:4:31 | int | TypeAccess | | methods2.kt:4:34:4:39 | int | TypeAccess | diff --git a/java/ql/test/kotlin/library-tests/methods/methods.expected b/java/ql/test/kotlin/library-tests/methods/methods.expected index e68bc650ce6..6a86ea6bf5b 100644 --- a/java/ql/test/kotlin/library-tests/methods/methods.expected +++ b/java/ql/test/kotlin/library-tests/methods/methods.expected @@ -1,10 +1,11 @@ methods -| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:0:0:0:0 | | () | | Compiler generated | +| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:0:0:0:0 | | () | static | Compiler generated | | clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | getTopLevelInt | getTopLevelInt() | public, static | Compiler generated | | clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | setTopLevelInt | setTopLevelInt(int) | public, static | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component1 | component1() | public | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component2 | component2() | public | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | copy | copy(int,java.lang.String) | public | Compiler generated | +| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | copy$default | copy$default(DataClass,int,java.lang.String,int,java.lang.Object) | public, static | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | equals | equals(java.lang.Object) | override, public | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | hashCode | hashCode() | override, public | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | toString | toString() | override, public | Compiler generated | @@ -24,10 +25,17 @@ methods | delegates.kt:8:32:11:5 | new KMutableProperty1(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public | | | delegates.kt:8:32:11:5 | new KMutableProperty1(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public | | | delegates.kt:8:66:11:5 | new Function3,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | invoke | invoke(kotlin.reflect.KProperty,java.lang.String,java.lang.String) | override, public | | -| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | | () | | Compiler generated | +| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | | () | static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:22:1:31 | getV | getV() | public | Compiler generated | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | | () | static | Compiler generated | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:13:12:13:29 | f | f(int) | public | | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:14:12:14:29 | g | g(int) | public | | +| enumClass.kt:8:3:11:4 | VAL | enumClass.kt:9:14:9:30 | f | f(int) | override, public | | +| enumClass.kt:8:3:11:4 | VAL | enumClass.kt:10:14:10:42 | g | g(int) | override, public | | | methods2.kt:0:0:0:0 | Methods2Kt | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | fooBarTopLevelMethod(int,int) | public, static | | | methods2.kt:7:1:10:1 | Class2 | methods2.kt:8:5:9:5 | fooBarClassMethod | fooBarClassMethod(int,int) | public | | | methods3.kt:0:0:0:0 | Methods3Kt | methods3.kt:3:1:3:42 | fooBarTopLevelMethodExt | fooBarTopLevelMethodExt(int,int) | public, static | | @@ -55,6 +63,8 @@ constructors | delegates.kt:8:32:11:5 | new KMutableProperty1(...) { ... } | delegates.kt:8:32:11:5 | | | | delegates.kt:8:66:11:5 | new Function3,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | | | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:6:4:1 | EnumClass | EnumClass(int) | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:6:6:16:1 | EnumWithFunctions | EnumWithFunctions() | +| enumClass.kt:8:3:11:4 | VAL | enumClass.kt:8:3:11:4 | VAL | VAL() | | methods2.kt:7:1:10:1 | Class2 | methods2.kt:7:1:10:1 | Class2 | Class2() | | methods3.kt:5:1:7:1 | Class3 | methods3.kt:5:1:7:1 | Class3 | Class3() | | methods4.kt:3:1:11:1 | NestedTest | methods4.kt:3:1:11:1 | NestedTest | NestedTest() | diff --git a/java/ql/test/kotlin/library-tests/methods/parameters.expected b/java/ql/test/kotlin/library-tests/methods/parameters.expected index 2b35e69e502..4475aeba459 100644 --- a/java/ql/test/kotlin/library-tests/methods/parameters.expected +++ b/java/ql/test/kotlin/library-tests/methods/parameters.expected @@ -1,6 +1,11 @@ | clinit.kt:3:1:3:24 | setTopLevelInt | clinit.kt:3:1:3:24 | | 0 | | dataClass.kt:0:0:0:0 | copy | dataClass.kt:1:22:1:31 | x | 0 | | dataClass.kt:0:0:0:0 | copy | dataClass.kt:1:34:1:46 | y | 1 | +| dataClass.kt:0:0:0:0 | copy$default | dataClass.kt:0:0:0:0 | p0 | 0 | +| dataClass.kt:0:0:0:0 | copy$default | dataClass.kt:0:0:0:0 | p1 | 1 | +| dataClass.kt:0:0:0:0 | copy$default | dataClass.kt:0:0:0:0 | p2 | 2 | +| dataClass.kt:0:0:0:0 | copy$default | dataClass.kt:0:0:0:0 | p3 | 3 | +| dataClass.kt:0:0:0:0 | copy$default | dataClass.kt:0:0:0:0 | p4 | 4 | | dataClass.kt:0:0:0:0 | equals | dataClass.kt:0:0:0:0 | other | 0 | | dataClass.kt:1:34:1:46 | setY | dataClass.kt:1:34:1:46 | | 0 | | delegates.kt:4:18:6:5 | get | delegates.kt:4:18:6:5 | a0 | 0 | @@ -18,6 +23,11 @@ | delegates.kt:8:66:11:5 | invoke | delegates.kt:9:15:9:17 | old | 1 | | delegates.kt:8:66:11:5 | invoke | delegates.kt:9:20:9:22 | new | 2 | | enumClass.kt:0:0:0:0 | valueOf | enumClass.kt:0:0:0:0 | value | 0 | +| enumClass.kt:0:0:0:0 | valueOf | enumClass.kt:0:0:0:0 | value | 0 | +| enumClass.kt:9:14:9:30 | f | enumClass.kt:9:20:9:25 | i | 0 | +| enumClass.kt:10:14:10:42 | g | enumClass.kt:10:20:10:25 | i | 0 | +| enumClass.kt:13:12:13:29 | f | enumClass.kt:13:18:13:23 | i | 0 | +| enumClass.kt:14:12:14:29 | g | enumClass.kt:14:18:14:23 | i | 0 | | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | methods2.kt:4:26:4:31 | x | 0 | | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | methods2.kt:4:34:4:39 | y | 1 | | methods2.kt:8:5:9:5 | fooBarClassMethod | methods2.kt:8:27:8:32 | x | 0 | diff --git a/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt b/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt new file mode 100644 index 00000000000..214e384686f --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt @@ -0,0 +1,33 @@ +package kotlin + +/* +This is a mini standard library replacement, to make it easy to write +very small tests that create very small databases. + +If you define a class, then you will need to also define any members that +compiler/ir/ir.psi2ir/src/org/jetbrains/kotlin/psi2ir/descriptors/IrBuiltInsOverDescriptors.kt +expects (e.g. with findFunctions(...).first) to exist. +*/ + +public open class Any { + fun toString(): String { return this.toString() } + open operator fun equals(other: Any?): Boolean { return this.equals(other) } +} + +public class String { + operator fun plus(other: Any?): String { return this.plus(other) } +} + +public class Boolean { + operator fun not(): Boolean { return this.not() } +} + +public class Int { + operator fun plus(other: Int): Int { return this.plus(other) } + operator fun times(other: Int): Int { return this.times(other) } + infix fun xor(other: Int): Int { return this.xor(other) } +} + +public object Unit { +} + diff --git a/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt b/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt new file mode 100644 index 00000000000..eaa7e450bbb --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt @@ -0,0 +1 @@ +class MyClass {} diff --git a/java/ql/test/kotlin/library-tests/ministdlib/classes.expected b/java/ql/test/kotlin/library-tests/ministdlib/classes.expected new file mode 100644 index 00000000000..8d1bc538129 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/classes.expected @@ -0,0 +1,7 @@ +| MiniStdLib.kt:12:1:15:1 | Any | +| MiniStdLib.kt:17:1:19:1 | String | +| MiniStdLib.kt:21:1:23:1 | Boolean | +| MiniStdLib.kt:25:1:29:1 | Int | +| MiniStdLib.kt:31:1:32:1 | Unit | +| MyClass.kt:1:1:1:16 | MyClass | +| file://:0:0:0:0 | FakeKotlinClass | diff --git a/java/ql/test/kotlin/library-tests/ministdlib/classes.ql b/java/ql/test/kotlin/library-tests/ministdlib/classes.ql new file mode 100644 index 00000000000..86c654ea986 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/classes.ql @@ -0,0 +1,4 @@ +import java + +from Class c +select c diff --git a/java/ql/test/kotlin/library-tests/ministdlib/options b/java/ql/test/kotlin/library-tests/ministdlib/options new file mode 100644 index 00000000000..052bfdb9a30 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/options @@ -0,0 +1 @@ +codeql-extractor-kotlin-options: -no-jdk -no-reflect -no-stdlib -Xallow-kotlin-package diff --git a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected index 14b5124b7ae..cdde306d74f 100644 --- a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected +++ b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected @@ -1,5 +1,5 @@ -| modifiers.kt:1:1:25:1 | X | Class | public | -| modifiers.kt:1:6:25:1 | X | Constructor | public | +| modifiers.kt:1:1:29:1 | X | Class | public | +| modifiers.kt:1:6:29:1 | X | Constructor | public | | modifiers.kt:2:5:2:21 | a | Field | final | | modifiers.kt:2:5:2:21 | a | Field | private | | modifiers.kt:2:5:2:21 | a | Property | private | @@ -39,3 +39,32 @@ | modifiers.kt:23:9:23:27 | localClass | Constructor | public | | modifiers.kt:23:9:23:27 | localClass | LocalClass | final | | modifiers.kt:23:9:23:27 | localClass | LocalClass | private | +| modifiers.kt:26:12:26:46 | fn4 | Method | inline | +| modifiers.kt:26:12:26:46 | fn4 | Method | public | +| modifiers.kt:26:20:26:41 | f | Parameter | noinline | +| modifiers.kt:27:12:27:49 | fn5 | Method | inline | +| modifiers.kt:27:12:27:49 | fn5 | Method | public | +| modifiers.kt:27:20:27:44 | f | Parameter | crossinline | +| modifiers.kt:28:12:28:39 | fn6 | Method | inline | +| modifiers.kt:28:12:28:39 | fn6 | Method | public | +| modifiers.kt:28:17:28:25 | T | TypeVariable | reified | +| modifiers.kt:31:1:33:1 | Y | Class | final | +| modifiers.kt:31:1:33:1 | Y | Class | public | +| modifiers.kt:31:1:33:1 | Y | Constructor | public | +| modifiers.kt:31:1:33:1 | Y | GenericType | final | +| modifiers.kt:31:1:33:1 | Y | GenericType | public | +| modifiers.kt:31:1:33:1 | Y | ParameterizedType | final | +| modifiers.kt:31:1:33:1 | Y | ParameterizedType | public | +| modifiers.kt:31:9:31:13 | T1 | TypeVariable | in | +| modifiers.kt:31:16:31:21 | T2 | TypeVariable | out | +| modifiers.kt:32:5:32:32 | foo | Method | public | +| modifiers.kt:35:1:41:1 | LateInit | Class | final | +| modifiers.kt:35:1:41:1 | LateInit | Class | public | +| modifiers.kt:35:8:41:1 | LateInit | Constructor | public | +| modifiers.kt:36:5:36:40 | test0 | Field | private | +| modifiers.kt:36:5:36:40 | test0 | Property | lateinit | +| modifiers.kt:36:5:36:40 | test0 | Property | private | +| modifiers.kt:36:22:36:40 | getTest0$private | Method | private | +| modifiers.kt:36:22:36:40 | setTest0$private | Method | private | +| modifiers.kt:38:5:40:5 | fn | Method | public | +| modifiers.kt:39:9:39:36 | LateInit test1 | LocalVariableDecl | lateinit | diff --git a/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt b/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt index 6435f378091..62de34aadb2 100644 --- a/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt +++ b/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt @@ -22,4 +22,20 @@ open class X { fun fn3() { class localClass {} } + + inline fun fn4(noinline f: () -> Unit) { } + inline fun fn5(crossinline f: () -> Unit) { } + inline fun fn6(x: T) {} } + +class Y { + fun foo(t: T1) : T2 = null!! +} + +public class LateInit { + private lateinit var test0: LateInit + + fun fn() { + lateinit var test1: LateInit + } +} \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/multiple_extensions/calls.expected b/java/ql/test/kotlin/library-tests/multiple_extensions/calls.expected index dd9c60f1a80..cb0e0eaf085 100644 --- a/java/ql/test/kotlin/library-tests/multiple_extensions/calls.expected +++ b/java/ql/test/kotlin/library-tests/multiple_extensions/calls.expected @@ -1,4 +1,4 @@ | PropertyReferenceDelegatesKt | getValue(KProperty0, Object, KProperty) | | PropertyReferenceDelegatesKt | getValue(KProperty1, T, KProperty) | | StringsKt | removePrefix(String, CharSequence) | -| StringsKt | startsWith(String, String, boolean) | +| StringsKt | startsWith$default(String, String, boolean, int, Object) | diff --git a/java/ql/test/kotlin/library-tests/numlines/callable.expected b/java/ql/test/kotlin/library-tests/numlines/callable.expected new file mode 100644 index 00000000000..52f3a4f2cbe --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/callable.expected @@ -0,0 +1,6 @@ +| test.kt:2:1:4:1 | foo | 3 | 3 | 0 | +| test.kt:8:1:8:9 | getX | 1 | 1 | 0 | +| test.kt:18:1:18:17 | getY | 5 | 1 | 4 | +| test.kt:20:1:26:1 | Foo | 7 | 6 | 1 | +| test.kt:21:5:24:5 | bar | 4 | 3 | 1 | +| test.kt:25:5:25:21 | getSomeField | 1 | 1 | 0 | diff --git a/java/ql/test/kotlin/library-tests/numlines/callable.ql b/java/ql/test/kotlin/library-tests/numlines/callable.ql new file mode 100644 index 00000000000..c9775a24c5d --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/callable.ql @@ -0,0 +1,4 @@ +import java + +from Callable c +select c, c.getTotalNumberOfLines(), c.getNumberOfLinesOfCode(), c.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/classes.expected b/java/ql/test/kotlin/library-tests/numlines/classes.expected new file mode 100644 index 00000000000..35000a02464 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/classes.expected @@ -0,0 +1 @@ +| test.kt:20:1:26:1 | Foo | 7 | 6 | 1 | diff --git a/java/ql/test/kotlin/library-tests/numlines/classes.ql b/java/ql/test/kotlin/library-tests/numlines/classes.ql new file mode 100644 index 00000000000..4c987784146 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/classes.ql @@ -0,0 +1,4 @@ +import java + +from Class c +select c, c.getTotalNumberOfLines(), c.getNumberOfLinesOfCode(), c.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/files.expected b/java/ql/test/kotlin/library-tests/numlines/files.expected new file mode 100644 index 00000000000..1cc9c337bac --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/files.expected @@ -0,0 +1 @@ +| test.kt:0:0:0:0 | test | 28 | 11 | 9 | diff --git a/java/ql/test/kotlin/library-tests/numlines/files.ql b/java/ql/test/kotlin/library-tests/numlines/files.ql new file mode 100644 index 00000000000..ca56da73369 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/files.ql @@ -0,0 +1,4 @@ +import java + +from File f +select f, f.getTotalNumberOfLines(), f.getNumberOfLinesOfCode(), f.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/test.kt b/java/ql/test/kotlin/library-tests/numlines/test.kt new file mode 100644 index 00000000000..1ede04c7952 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/test.kt @@ -0,0 +1,27 @@ + +fun foo ( x : Int ) { + val y = ( x + 1 ) +} + +// test + +val x = 4 + +/* +test +*/ + +/** +test +*/ + +val y = 5 // test + +class Foo { + fun bar() { + // comment + return + } + val someField = 3 +} + diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected new file mode 100644 index 00000000000..6a850a431d2 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected @@ -0,0 +1,1302 @@ +test.kt: +# 0| [CompilationUnit] test +# 0| 1: [Class] TestKt +# 1| 1: [Method] sink +# 1| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 1| 0: [Parameter] a +# 1| 0: [TypeAccess] Object +# 1| 5: [BlockStmt] { ... } +# 3| 2: [Class] TestMember +# 3| 1: [Constructor] TestMember +# 3| 5: [BlockStmt] { ... } +# 3| 0: [SuperConstructorInvocationStmt] super(...) +# 3| 1: [BlockStmt] { ... } +# 5| 2: [Method] f +# 5| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 5| 0: [Parameter] x +# 5| 0: [TypeAccess] String +# 5| 1: [Parameter] y +# 5| 0: [TypeAccess] String +# 5| 2: [Parameter] z +# 5| 0: [TypeAccess] String +# 5| 5: [BlockStmt] { ... } +# 6| 0: [ExprStmt] ; +# 6| 0: [MethodAccess] sink(...) +# 6| -1: [TypeAccess] TestKt +# 6| 0: [VarAccess] y +# 5| 3: [Method] f$default +# 5| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 5| 0: [Parameter] p0 +# 5| 0: [TypeAccess] TestMember +# 5| 1: [Parameter] p1 +# 5| 0: [TypeAccess] String +# 5| 2: [Parameter] p2 +# 5| 0: [TypeAccess] String +# 5| 3: [Parameter] p3 +# 5| 0: [TypeAccess] String +# 5| 4: [Parameter] p4 +# 5| 0: [TypeAccess] int +# 5| 5: [Parameter] p5 +# 5| 0: [TypeAccess] Object +# 5| 5: [BlockStmt] { ... } +# 5| 0: [IfStmt] if (...) +# 5| 0: [EQExpr] ... == ... +# 5| 0: [AndBitwiseExpr] ... & ... +# 5| 0: [IntegerLiteral] 2 +# 5| 1: [VarAccess] p4 +# 5| 1: [IntegerLiteral] 0 +# 5| 1: [ExprStmt] ; +# 5| 0: [AssignExpr] ...=... +# 5| 0: [VarAccess] p2 +# 5| 1: [VarAccess] p1 +# 5| 1: [IfStmt] if (...) +# 5| 0: [EQExpr] ... == ... +# 5| 0: [AndBitwiseExpr] ... & ... +# 5| 0: [IntegerLiteral] 4 +# 5| 1: [VarAccess] p4 +# 5| 1: [IntegerLiteral] 0 +# 5| 1: [ExprStmt] ; +# 5| 0: [AssignExpr] ...=... +# 5| 0: [VarAccess] p3 +# 5| 1: [StringLiteral] hello world +# 5| 2: [ReturnStmt] return ... +# 5| 0: [MethodAccess] f(...) +# 5| -1: [VarAccess] p0 +# 5| 0: [VarAccess] p1 +# 5| 1: [VarAccess] p2 +# 5| 2: [VarAccess] p3 +# 9| 4: [Method] user +# 9| 3: [TypeAccess] Unit +# 9| 5: [BlockStmt] { ... } +# 10| 0: [ExprStmt] ; +# 10| 0: [MethodAccess] f$default(...) +# 10| -1: [TypeAccess] TestMember +# 10| 0: [ThisAccess] this +# 10| 1: [StringLiteral] member sunk +# 1| 2: [NullLiteral] null +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 1 +# 1| 5: [NullLiteral] null +# 11| 1: [ExprStmt] ; +# 11| 0: [MethodAccess] f$default(...) +# 11| -1: [TypeAccess] TestMember +# 11| 0: [ThisAccess] this +# 11| 1: [StringLiteral] member sunk fp +# 11| 2: [StringLiteral] member sunk 2 +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 3 +# 1| 5: [NullLiteral] null +# 12| 2: [ExprStmt] ; +# 12| 0: [MethodAccess] f(...) +# 12| -1: [ThisAccess] this +# 12| 0: [StringLiteral] not sunk +# 12| 1: [StringLiteral] member sunk 3 +# 12| 2: [StringLiteral] not sunk +# 17| 3: [Class] TestExtensionMember +# 17| 1: [Constructor] TestExtensionMember +# 17| 5: [BlockStmt] { ... } +# 17| 0: [SuperConstructorInvocationStmt] super(...) +# 17| 1: [BlockStmt] { ... } +# 19| 2: [ExtensionMethod] f +# 19| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 19| 0: [Parameter] +# 19| 0: [TypeAccess] String +# 19| 1: [Parameter] x +# 19| 0: [TypeAccess] String +# 19| 2: [Parameter] y +# 19| 0: [TypeAccess] String +# 19| 3: [Parameter] z +# 19| 0: [TypeAccess] String +# 19| 5: [BlockStmt] { ... } +# 20| 0: [ExprStmt] ; +# 20| 0: [MethodAccess] sink(...) +# 20| -1: [TypeAccess] TestKt +# 20| 0: [ExtensionReceiverAccess] this +# 21| 1: [ExprStmt] ; +# 21| 0: [MethodAccess] sink(...) +# 21| -1: [TypeAccess] TestKt +# 21| 0: [VarAccess] y +# 19| 3: [Method] f$default +# 19| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 19| 0: [Parameter] p0 +# 19| 0: [TypeAccess] String +# 19| 1: [Parameter] p1 +# 19| 0: [TypeAccess] TestExtensionMember +# 19| 2: [Parameter] p2 +# 19| 0: [TypeAccess] String +# 19| 3: [Parameter] p3 +# 19| 0: [TypeAccess] String +# 19| 4: [Parameter] p4 +# 19| 0: [TypeAccess] String +# 19| 5: [Parameter] p5 +# 19| 0: [TypeAccess] int +# 19| 6: [Parameter] p6 +# 19| 0: [TypeAccess] Object +# 19| 5: [BlockStmt] { ... } +# 19| 0: [IfStmt] if (...) +# 19| 0: [EQExpr] ... == ... +# 19| 0: [AndBitwiseExpr] ... & ... +# 19| 0: [IntegerLiteral] 2 +# 19| 1: [VarAccess] p5 +# 19| 1: [IntegerLiteral] 0 +# 19| 1: [ExprStmt] ; +# 19| 0: [AssignExpr] ...=... +# 19| 0: [VarAccess] p3 +# 19| 1: [VarAccess] p2 +# 19| 1: [IfStmt] if (...) +# 19| 0: [EQExpr] ... == ... +# 19| 0: [AndBitwiseExpr] ... & ... +# 19| 0: [IntegerLiteral] 4 +# 19| 1: [VarAccess] p5 +# 19| 1: [IntegerLiteral] 0 +# 19| 1: [ExprStmt] ; +# 19| 0: [AssignExpr] ...=... +# 19| 0: [VarAccess] p4 +# 19| 1: [StringLiteral] hello world +# 19| 2: [ReturnStmt] return ... +# 19| 0: [MethodAccess] f(...) +# 19| -1: [VarAccess] p1 +# 19| 0: [VarAccess] p0 +# 19| 1: [VarAccess] p2 +# 19| 2: [VarAccess] p3 +# 19| 3: [VarAccess] p4 +# 24| 4: [Method] user +# 24| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 24| 0: [Parameter] sunk +# 24| 0: [TypeAccess] String +# 24| 5: [BlockStmt] { ... } +# 25| 0: [ExprStmt] ; +# 25| 0: [MethodAccess] f$default(...) +# 25| -1: [TypeAccess] TestExtensionMember +# 25| 0: [VarAccess] sunk +# 25| 1: [ThisAccess] this +# 25| 2: [StringLiteral] extension sunk +# 1| 3: [NullLiteral] null +# 1| 4: [NullLiteral] null +# 1| 5: [IntegerLiteral] 1 +# 1| 6: [NullLiteral] null +# 26| 1: [ExprStmt] ; +# 26| 0: [MethodAccess] f$default(...) +# 26| -1: [TypeAccess] TestExtensionMember +# 26| 0: [VarAccess] sunk +# 26| 1: [ThisAccess] this +# 26| 2: [StringLiteral] extension sunk fp +# 26| 3: [StringLiteral] extension sunk 2 +# 1| 4: [NullLiteral] null +# 1| 5: [IntegerLiteral] 3 +# 1| 6: [NullLiteral] null +# 27| 2: [ExprStmt] ; +# 27| 0: [MethodAccess] f(...) +# 27| -1: [ThisAccess] this +# 27| 0: [VarAccess] sunk +# 27| 1: [StringLiteral] not sunk +# 27| 2: [StringLiteral] extension sunk 3 +# 27| 3: [StringLiteral] not sunk +# 32| 4: [Class] TestStaticMember +# 32| 1: [Constructor] TestStaticMember +# 32| 5: [BlockStmt] { ... } +# 32| 0: [SuperConstructorInvocationStmt] super(...) +# 32| 1: [BlockStmt] { ... } +# 34| 2: [Method] f +# 34| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 34| 0: [Parameter] x +# 34| 0: [TypeAccess] String +# 34| 1: [Parameter] y +# 34| 0: [TypeAccess] String +# 34| 2: [Parameter] z +# 34| 0: [TypeAccess] String +# 34| 5: [BlockStmt] { ... } +# 35| 0: [ExprStmt] ; +# 35| 0: [MethodAccess] sink(...) +# 35| -1: [TypeAccess] TestKt +# 35| 0: [VarAccess] y +# 34| 3: [Method] f$default +# 34| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 34| 0: [Parameter] p0 +# 34| 0: [TypeAccess] String +# 34| 1: [Parameter] p1 +# 34| 0: [TypeAccess] String +# 34| 2: [Parameter] p2 +# 34| 0: [TypeAccess] String +# 34| 3: [Parameter] p3 +# 34| 0: [TypeAccess] int +# 34| 4: [Parameter] p4 +# 34| 0: [TypeAccess] Object +# 34| 5: [BlockStmt] { ... } +# 34| 0: [IfStmt] if (...) +# 34| 0: [EQExpr] ... == ... +# 34| 0: [AndBitwiseExpr] ... & ... +# 34| 0: [IntegerLiteral] 2 +# 34| 1: [VarAccess] p3 +# 34| 1: [IntegerLiteral] 0 +# 34| 1: [ExprStmt] ; +# 34| 0: [AssignExpr] ...=... +# 34| 0: [VarAccess] p1 +# 34| 1: [VarAccess] p0 +# 34| 1: [IfStmt] if (...) +# 34| 0: [EQExpr] ... == ... +# 34| 0: [AndBitwiseExpr] ... & ... +# 34| 0: [IntegerLiteral] 4 +# 34| 1: [VarAccess] p3 +# 34| 1: [IntegerLiteral] 0 +# 34| 1: [ExprStmt] ; +# 34| 0: [AssignExpr] ...=... +# 34| 0: [VarAccess] p2 +# 34| 1: [StringLiteral] hello world +# 34| 2: [ReturnStmt] return ... +# 34| 0: [MethodAccess] f(...) +# 34| -1: [TypeAccess] TestStaticMember +# 34| 0: [VarAccess] p0 +# 34| 1: [VarAccess] p1 +# 34| 2: [VarAccess] p2 +# 38| 4: [Method] user +# 38| 3: [TypeAccess] Unit +# 38| 5: [BlockStmt] { ... } +# 39| 0: [ExprStmt] ; +# 39| 0: [MethodAccess] f$default(...) +# 39| -1: [TypeAccess] TestStaticMember +# 39| 0: [StringLiteral] static sunk +# 1| 1: [NullLiteral] null +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 40| 1: [ExprStmt] ; +# 40| 0: [MethodAccess] f$default(...) +# 40| -1: [TypeAccess] TestStaticMember +# 40| 0: [StringLiteral] static sunk fp +# 40| 1: [StringLiteral] static sunk 2 +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 3 +# 1| 4: [NullLiteral] null +# 41| 2: [ExprStmt] ; +# 41| 0: [MethodAccess] f(...) +# 41| -1: [TypeAccess] TestStaticMember +# 41| 0: [StringLiteral] not sunk +# 41| 1: [StringLiteral] static sunk 3 +# 41| 2: [StringLiteral] not sunk +# 46| 5: [Class] ExtendMe +# 46| 1: [Constructor] ExtendMe +# 46| 5: [BlockStmt] { ... } +# 46| 0: [SuperConstructorInvocationStmt] super(...) +# 46| 1: [BlockStmt] { ... } +# 48| 2: [Method] f +# 48| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 48| 0: [Parameter] x +# 48| 0: [TypeAccess] String +# 48| 5: [BlockStmt] { ... } +# 48| 0: [ReturnStmt] return ... +# 48| 0: [VarAccess] x +# 52| 6: [Class] TestReceiverReferences +# 52| 1: [Constructor] TestReceiverReferences +# 52| 5: [BlockStmt] { ... } +# 52| 0: [SuperConstructorInvocationStmt] super(...) +# 52| 1: [BlockStmt] { ... } +# 54| 2: [Method] g +# 54| 3: [TypeAccess] String +#-----| 4: (Parameters) +# 54| 0: [Parameter] x +# 54| 0: [TypeAccess] String +# 54| 5: [BlockStmt] { ... } +# 54| 0: [ReturnStmt] return ... +# 54| 0: [VarAccess] x +# 56| 3: [ExtensionMethod] test +# 56| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 56| 0: [Parameter] +# 56| 0: [TypeAccess] ExtendMe +# 56| 1: [Parameter] x +# 56| 0: [TypeAccess] String +# 56| 2: [Parameter] y +# 56| 0: [TypeAccess] String +# 56| 3: [Parameter] z +# 56| 0: [TypeAccess] String +# 56| 5: [BlockStmt] { ... } +# 57| 0: [ExprStmt] ; +# 57| 0: [MethodAccess] sink(...) +# 57| -1: [TypeAccess] TestKt +# 57| 0: [VarAccess] y +# 56| 4: [Method] test$default +# 56| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 56| 0: [Parameter] p0 +# 56| 0: [TypeAccess] ExtendMe +# 56| 1: [Parameter] p1 +# 56| 0: [TypeAccess] TestReceiverReferences +# 56| 2: [Parameter] p2 +# 56| 0: [TypeAccess] String +# 56| 3: [Parameter] p3 +# 56| 0: [TypeAccess] String +# 56| 4: [Parameter] p4 +# 56| 0: [TypeAccess] String +# 56| 5: [Parameter] p5 +# 56| 0: [TypeAccess] int +# 56| 6: [Parameter] p6 +# 56| 0: [TypeAccess] Object +# 56| 5: [BlockStmt] { ... } +# 56| 0: [IfStmt] if (...) +# 56| 0: [EQExpr] ... == ... +# 56| 0: [AndBitwiseExpr] ... & ... +# 56| 0: [IntegerLiteral] 2 +# 56| 1: [VarAccess] p5 +# 56| 1: [IntegerLiteral] 0 +# 56| 1: [ExprStmt] ; +# 56| 0: [AssignExpr] ...=... +# 56| 0: [VarAccess] p3 +# 56| 1: [MethodAccess] f(...) +# 56| -1: [VarAccess] p0 +# 56| 0: [MethodAccess] g(...) +# 56| -1: [VarAccess] p1 +# 56| 0: [VarAccess] p2 +# 56| 1: [IfStmt] if (...) +# 56| 0: [EQExpr] ... == ... +# 56| 0: [AndBitwiseExpr] ... & ... +# 56| 0: [IntegerLiteral] 4 +# 56| 1: [VarAccess] p5 +# 56| 1: [IntegerLiteral] 0 +# 56| 1: [ExprStmt] ; +# 56| 0: [AssignExpr] ...=... +# 56| 0: [VarAccess] p4 +# 56| 1: [StringLiteral] hello world +# 56| 2: [ReturnStmt] return ... +# 56| 0: [MethodAccess] test(...) +# 56| -1: [VarAccess] p1 +# 56| 0: [VarAccess] p0 +# 56| 1: [VarAccess] p2 +# 56| 2: [VarAccess] p3 +# 56| 3: [VarAccess] p4 +# 60| 5: [Method] user +# 60| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 60| 0: [Parameter] t +# 60| 0: [TypeAccess] ExtendMe +# 60| 5: [BlockStmt] { ... } +# 61| 0: [ExprStmt] ; +# 61| 0: [MethodAccess] test$default(...) +# 61| -1: [TypeAccess] TestReceiverReferences +# 61| 0: [VarAccess] t +# 61| 1: [ThisAccess] this +# 61| 2: [StringLiteral] receiver refs sunk +# 1| 3: [NullLiteral] null +# 1| 4: [NullLiteral] null +# 1| 5: [IntegerLiteral] 1 +# 1| 6: [NullLiteral] null +# 62| 1: [ExprStmt] ; +# 62| 0: [MethodAccess] test$default(...) +# 62| -1: [TypeAccess] TestReceiverReferences +# 62| 0: [VarAccess] t +# 62| 1: [ThisAccess] this +# 62| 2: [StringLiteral] receiver refs sunk fp +# 62| 3: [StringLiteral] receiver refs sunk 2 +# 1| 4: [NullLiteral] null +# 1| 5: [IntegerLiteral] 3 +# 1| 6: [NullLiteral] null +# 63| 2: [ExprStmt] ; +# 63| 0: [MethodAccess] test(...) +# 63| -1: [ThisAccess] this +# 63| 0: [VarAccess] t +# 63| 1: [StringLiteral] not sunk +# 63| 2: [StringLiteral] receiver refs sunk 3 +# 63| 3: [StringLiteral] not sunk +# 68| 7: [Class] TestConstructor +# 68| 1: [Constructor] TestConstructor +#-----| 4: (Parameters) +# 68| 0: [Parameter] x +# 68| 0: [TypeAccess] String +# 68| 1: [Parameter] y +# 68| 0: [TypeAccess] String +# 68| 2: [Parameter] z +# 68| 0: [TypeAccess] String +# 68| 5: [BlockStmt] { ... } +# 68| 0: [SuperConstructorInvocationStmt] super(...) +# 68| 1: [BlockStmt] { ... } +# 71| 0: [ExprStmt] ; +# 71| 0: [MethodAccess] sink(...) +# 71| -1: [TypeAccess] TestKt +# 71| 0: [VarAccess] y +# 68| 2: [Constructor] TestConstructor +#-----| 4: (Parameters) +# 68| 0: [Parameter] p0 +# 68| 0: [TypeAccess] String +# 68| 1: [Parameter] p1 +# 68| 0: [TypeAccess] String +# 68| 2: [Parameter] p2 +# 68| 0: [TypeAccess] String +# 68| 3: [Parameter] p3 +# 68| 0: [TypeAccess] int +# 68| 4: [Parameter] p4 +# 68| 0: [TypeAccess] DefaultConstructorMarker +# 68| 5: [BlockStmt] { ... } +# 68| 0: [IfStmt] if (...) +# 68| 0: [EQExpr] ... == ... +# 68| 0: [AndBitwiseExpr] ... & ... +# 68| 0: [IntegerLiteral] 2 +# 68| 1: [VarAccess] p3 +# 68| 1: [IntegerLiteral] 0 +# 68| 1: [ExprStmt] ; +# 68| 0: [AssignExpr] ...=... +# 68| 0: [VarAccess] p1 +# 68| 1: [VarAccess] p0 +# 68| 1: [IfStmt] if (...) +# 68| 0: [EQExpr] ... == ... +# 68| 0: [AndBitwiseExpr] ... & ... +# 68| 0: [IntegerLiteral] 4 +# 68| 1: [VarAccess] p3 +# 68| 1: [IntegerLiteral] 0 +# 68| 1: [ExprStmt] ; +# 68| 0: [AssignExpr] ...=... +# 68| 0: [VarAccess] p2 +# 68| 1: [StringLiteral] hello world +# 68| 2: [ThisConstructorInvocationStmt] this(...) +# 68| 0: [VarAccess] p0 +# 68| 1: [VarAccess] p1 +# 68| 2: [VarAccess] p2 +# 74| 3: [Method] user +# 74| 3: [TypeAccess] Unit +# 74| 5: [BlockStmt] { ... } +# 75| 0: [ExprStmt] ; +# 75| 0: [ImplicitCoercionToUnitExpr] +# 75| 0: [TypeAccess] Unit +# 75| 1: [ClassInstanceExpr] new TestConstructor(...) +# 75| -3: [TypeAccess] TestConstructor +# 75| 0: [StringLiteral] constructor sunk +# 1| 1: [NullLiteral] null +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 76| 1: [ExprStmt] ; +# 76| 0: [ImplicitCoercionToUnitExpr] +# 76| 0: [TypeAccess] Unit +# 76| 1: [ClassInstanceExpr] new TestConstructor(...) +# 76| -3: [TypeAccess] TestConstructor +# 76| 0: [StringLiteral] constructor sunk fp +# 76| 1: [StringLiteral] constructor sunk 2 +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 3 +# 1| 4: [NullLiteral] null +# 77| 2: [ExprStmt] ; +# 77| 0: [ImplicitCoercionToUnitExpr] +# 77| 0: [TypeAccess] Unit +# 77| 1: [ClassInstanceExpr] new TestConstructor(...) +# 77| -3: [TypeAccess] TestConstructor +# 77| 0: [StringLiteral] not sunk +# 77| 1: [StringLiteral] constructor sunk 3 +# 77| 2: [StringLiteral] not sunk +# 82| 8: [Class] TestLocal +# 82| 1: [Constructor] TestLocal +# 82| 5: [BlockStmt] { ... } +# 82| 0: [SuperConstructorInvocationStmt] super(...) +# 82| 1: [BlockStmt] { ... } +# 84| 2: [Method] enclosing +# 84| 3: [TypeAccess] Unit +# 84| 5: [BlockStmt] { ... } +# 86| 0: [LocalTypeDeclStmt] class ... +# 86| 0: [LocalClass] +# 86| 1: [Constructor] +# 86| 5: [BlockStmt] { ... } +# 86| 0: [SuperConstructorInvocationStmt] super(...) +# 86| 2: [Method] f +# 86| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 86| 0: [Parameter] x +# 86| 0: [TypeAccess] String +# 86| 1: [Parameter] y +# 86| 0: [TypeAccess] String +# 86| 2: [Parameter] z +# 86| 0: [TypeAccess] String +# 86| 5: [BlockStmt] { ... } +# 87| 0: [ExprStmt] ; +# 87| 0: [MethodAccess] sink(...) +# 87| -1: [TypeAccess] TestKt +# 87| 0: [VarAccess] y +# 86| 3: [Method] f$default +# 86| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 86| 0: [Parameter] p0 +# 86| 0: [TypeAccess] String +# 86| 1: [Parameter] p1 +# 86| 0: [TypeAccess] String +# 86| 2: [Parameter] p2 +# 86| 0: [TypeAccess] String +# 86| 3: [Parameter] p3 +# 86| 0: [TypeAccess] int +# 86| 4: [Parameter] p4 +# 86| 0: [TypeAccess] Object +# 86| 5: [BlockStmt] { ... } +# 86| 0: [IfStmt] if (...) +# 86| 0: [EQExpr] ... == ... +# 86| 0: [AndBitwiseExpr] ... & ... +# 86| 0: [IntegerLiteral] 2 +# 86| 1: [VarAccess] p3 +# 86| 1: [IntegerLiteral] 0 +# 86| 1: [ExprStmt] ; +# 86| 0: [AssignExpr] ...=... +# 86| 0: [VarAccess] p1 +# 86| 1: [VarAccess] p0 +# 86| 1: [IfStmt] if (...) +# 86| 0: [EQExpr] ... == ... +# 86| 0: [AndBitwiseExpr] ... & ... +# 86| 0: [IntegerLiteral] 4 +# 86| 1: [VarAccess] p3 +# 86| 1: [IntegerLiteral] 0 +# 86| 1: [ExprStmt] ; +# 86| 0: [AssignExpr] ...=... +# 86| 0: [VarAccess] p2 +# 86| 1: [StringLiteral] hello world +# 86| 2: [ReturnStmt] return ... +# 86| 0: [MethodAccess] f(...) +# 86| -1: [ClassInstanceExpr] new (...) +# 86| -3: [TypeAccess] Object +# 86| 0: [VarAccess] p0 +# 86| 1: [VarAccess] p1 +# 86| 2: [VarAccess] p2 +# 90| 1: [LocalTypeDeclStmt] class ... +# 90| 0: [LocalClass] +# 90| 1: [Constructor] +# 90| 5: [BlockStmt] { ... } +# 90| 0: [SuperConstructorInvocationStmt] super(...) +# 90| 2: [Method] user +# 90| 3: [TypeAccess] Unit +# 90| 5: [BlockStmt] { ... } +# 91| 0: [ExprStmt] ; +# 91| 0: [MethodAccess] f$default(...) +# 91| -1: [TypeAccess] +# 91| 0: [StringLiteral] local sunk +# 1| 1: [NullLiteral] null +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 92| 1: [ExprStmt] ; +# 92| 0: [MethodAccess] f$default(...) +# 92| -1: [TypeAccess] +# 92| 0: [StringLiteral] local sunk fp +# 92| 1: [StringLiteral] local sunk 2 +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 3 +# 1| 4: [NullLiteral] null +# 93| 2: [ExprStmt] ; +# 93| 0: [MethodAccess] f(...) +# 93| -1: [ClassInstanceExpr] new (...) +# 93| -3: [TypeAccess] Object +# 93| 0: [StringLiteral] not sunk +# 93| 1: [StringLiteral] local sunk 3 +# 93| 2: [StringLiteral] not sunk +# 100| 9: [Class] TestLocalClass +# 100| 1: [Constructor] TestLocalClass +# 100| 5: [BlockStmt] { ... } +# 100| 0: [SuperConstructorInvocationStmt] super(...) +# 100| 1: [BlockStmt] { ... } +# 102| 2: [Method] enclosingFunction +# 102| 3: [TypeAccess] Unit +# 102| 5: [BlockStmt] { ... } +# 104| 0: [LocalTypeDeclStmt] class ... +# 104| 0: [LocalClass] EnclosingLocalClass +# 104| 1: [Constructor] EnclosingLocalClass +# 104| 5: [BlockStmt] { ... } +# 104| 0: [SuperConstructorInvocationStmt] super(...) +# 104| 1: [BlockStmt] { ... } +# 106| 2: [Method] f +# 106| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 106| 0: [Parameter] x +# 106| 0: [TypeAccess] String +# 106| 1: [Parameter] y +# 106| 0: [TypeAccess] String +# 106| 2: [Parameter] z +# 106| 0: [TypeAccess] String +# 106| 5: [BlockStmt] { ... } +# 107| 0: [ExprStmt] ; +# 107| 0: [MethodAccess] sink(...) +# 107| -1: [TypeAccess] TestKt +# 107| 0: [VarAccess] y +# 106| 3: [Method] f$default +# 106| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 106| 0: [Parameter] p0 +# 106| 0: [TypeAccess] EnclosingLocalClass +# 106| 1: [Parameter] p1 +# 106| 0: [TypeAccess] String +# 106| 2: [Parameter] p2 +# 106| 0: [TypeAccess] String +# 106| 3: [Parameter] p3 +# 106| 0: [TypeAccess] String +# 106| 4: [Parameter] p4 +# 106| 0: [TypeAccess] int +# 106| 5: [Parameter] p5 +# 106| 0: [TypeAccess] Object +# 106| 5: [BlockStmt] { ... } +# 106| 0: [IfStmt] if (...) +# 106| 0: [EQExpr] ... == ... +# 106| 0: [AndBitwiseExpr] ... & ... +# 106| 0: [IntegerLiteral] 2 +# 106| 1: [VarAccess] p4 +# 106| 1: [IntegerLiteral] 0 +# 106| 1: [ExprStmt] ; +# 106| 0: [AssignExpr] ...=... +# 106| 0: [VarAccess] p2 +# 106| 1: [VarAccess] p1 +# 106| 1: [IfStmt] if (...) +# 106| 0: [EQExpr] ... == ... +# 106| 0: [AndBitwiseExpr] ... & ... +# 106| 0: [IntegerLiteral] 4 +# 106| 1: [VarAccess] p4 +# 106| 1: [IntegerLiteral] 0 +# 106| 1: [ExprStmt] ; +# 106| 0: [AssignExpr] ...=... +# 106| 0: [VarAccess] p3 +# 106| 1: [StringLiteral] hello world +# 106| 2: [ReturnStmt] return ... +# 106| 0: [MethodAccess] f(...) +# 106| -1: [VarAccess] p0 +# 106| 0: [VarAccess] p1 +# 106| 1: [VarAccess] p2 +# 106| 2: [VarAccess] p3 +# 110| 4: [Method] user +# 110| 3: [TypeAccess] Unit +# 110| 5: [BlockStmt] { ... } +# 111| 0: [ExprStmt] ; +# 111| 0: [MethodAccess] f$default(...) +# 111| -1: [TypeAccess] EnclosingLocalClass +# 111| 0: [ThisAccess] this +# 111| 1: [StringLiteral] local sunk +# 1| 2: [NullLiteral] null +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 1 +# 1| 5: [NullLiteral] null +# 112| 1: [ExprStmt] ; +# 112| 0: [MethodAccess] f$default(...) +# 112| -1: [TypeAccess] EnclosingLocalClass +# 112| 0: [ThisAccess] this +# 112| 1: [StringLiteral] local sunk fp +# 112| 2: [StringLiteral] local sunk 2 +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 3 +# 1| 5: [NullLiteral] null +# 113| 2: [ExprStmt] ; +# 113| 0: [MethodAccess] f(...) +# 113| -1: [ThisAccess] this +# 113| 0: [StringLiteral] not sunk +# 113| 1: [StringLiteral] local sunk 3 +# 113| 2: [StringLiteral] not sunk +# 122| 10: [Class,GenericType,ParameterizedType] TestGeneric +#-----| -2: (Generic Parameters) +# 122| 0: [TypeVariable] T +# 122| 1: [Constructor] TestGeneric +# 122| 5: [BlockStmt] { ... } +# 122| 0: [SuperConstructorInvocationStmt] super(...) +# 122| 1: [BlockStmt] { ... } +# 124| 2: [Method] f +# 124| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 124| 0: [Parameter] x +# 124| 0: [TypeAccess] T +# 124| 1: [Parameter] y +# 124| 0: [TypeAccess] T +# 124| 2: [Parameter] z +# 124| 0: [TypeAccess] T +# 124| 5: [BlockStmt] { ... } +# 125| 0: [ExprStmt] ; +# 125| 0: [MethodAccess] sink(...) +# 125| -1: [TypeAccess] TestKt +# 125| 0: [VarAccess] y +# 124| 3: [Method] f$default +# 124| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 124| 0: [Parameter] p0 +# 124| 0: [TypeAccess] TestGeneric<> +# 124| 1: [Parameter] p1 +# 124| 0: [TypeAccess] Object +# 124| 2: [Parameter] p2 +# 124| 0: [TypeAccess] Object +# 124| 3: [Parameter] p3 +# 124| 0: [TypeAccess] Object +# 124| 4: [Parameter] p4 +# 124| 0: [TypeAccess] int +# 124| 5: [Parameter] p5 +# 124| 0: [TypeAccess] Object +# 124| 5: [BlockStmt] { ... } +# 124| 0: [IfStmt] if (...) +# 124| 0: [EQExpr] ... == ... +# 124| 0: [AndBitwiseExpr] ... & ... +# 124| 0: [IntegerLiteral] 2 +# 124| 1: [VarAccess] p4 +# 124| 1: [IntegerLiteral] 0 +# 124| 1: [ExprStmt] ; +# 124| 0: [AssignExpr] ...=... +# 124| 0: [VarAccess] p2 +# 124| 1: [VarAccess] p1 +# 124| 1: [IfStmt] if (...) +# 124| 0: [EQExpr] ... == ... +# 124| 0: [AndBitwiseExpr] ... & ... +# 124| 0: [IntegerLiteral] 4 +# 124| 1: [VarAccess] p4 +# 124| 1: [IntegerLiteral] 0 +# 124| 1: [ExprStmt] ; +# 124| 0: [AssignExpr] ...=... +# 124| 0: [VarAccess] p3 +# 124| 1: [NullLiteral] null +# 124| 2: [ReturnStmt] return ... +# 124| 0: [MethodAccess] f(...) +# 124| -1: [VarAccess] p0 +# 124| 0: [VarAccess] p1 +# 124| 1: [VarAccess] p2 +# 124| 2: [VarAccess] p3 +# 128| 4: [Method] user +# 128| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 128| 0: [Parameter] tgs +# 128| 0: [TypeAccess] TestGeneric +# 128| 0: [TypeAccess] String +# 128| 1: [Parameter] tcs +# 128| 0: [TypeAccess] TestGeneric +# 128| 0: [TypeAccess] CharSequence +# 128| 5: [BlockStmt] { ... } +# 129| 0: [ExprStmt] ; +# 129| 0: [MethodAccess] f$default(...) +# 129| -1: [TypeAccess] TestGeneric<> +# 129| 0: [VarAccess] tgs +# 129| 1: [StringLiteral] generic sunk +# 1| 2: [NullLiteral] null +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 1 +# 1| 5: [NullLiteral] null +# 130| 1: [ExprStmt] ; +# 130| 0: [MethodAccess] f$default(...) +# 130| -1: [TypeAccess] TestGeneric<> +# 130| 0: [VarAccess] tcs +# 130| 1: [StringLiteral] generic sunk fp +# 130| 2: [StringLiteral] generic sunk 2 +# 1| 3: [NullLiteral] null +# 1| 4: [IntegerLiteral] 3 +# 1| 5: [NullLiteral] null +# 131| 2: [ExprStmt] ; +# 131| 0: [MethodAccess] f(...) +# 131| -1: [VarAccess] tgs +# 131| 0: [StringLiteral] not sunk +# 131| 1: [StringLiteral] generic sunk 3 +# 131| 2: [StringLiteral] not sunk +# 132| 3: [ExprStmt] ; +# 132| 0: [MethodAccess] f(...) +# 132| -1: [VarAccess] tcs +# 132| 0: [StringLiteral] not sunk +# 132| 1: [StringLiteral] generic sunk 3 +# 132| 2: [StringLiteral] not sunk +# 135| 5: [Method] testReturn +# 135| 3: [TypeAccess] T +#-----| 4: (Parameters) +# 135| 0: [Parameter] t1 +# 135| 0: [TypeAccess] T +# 135| 1: [Parameter] t2 +# 135| 0: [TypeAccess] T +# 135| 5: [BlockStmt] { ... } +# 135| 0: [ReturnStmt] return ... +# 135| 0: [VarAccess] t1 +# 135| 6: [Method] testReturn$default +# 135| 3: [TypeAccess] Object +#-----| 4: (Parameters) +# 135| 0: [Parameter] p0 +# 135| 0: [TypeAccess] TestGeneric<> +# 135| 1: [Parameter] p1 +# 135| 0: [TypeAccess] Object +# 135| 2: [Parameter] p2 +# 135| 0: [TypeAccess] Object +# 135| 3: [Parameter] p3 +# 135| 0: [TypeAccess] int +# 135| 4: [Parameter] p4 +# 135| 0: [TypeAccess] Object +# 135| 5: [BlockStmt] { ... } +# 135| 0: [IfStmt] if (...) +# 135| 0: [EQExpr] ... == ... +# 135| 0: [AndBitwiseExpr] ... & ... +# 135| 0: [IntegerLiteral] 2 +# 135| 1: [VarAccess] p3 +# 135| 1: [IntegerLiteral] 0 +# 135| 1: [ExprStmt] ; +# 135| 0: [AssignExpr] ...=... +# 135| 0: [VarAccess] p2 +# 135| 1: [NullLiteral] null +# 135| 1: [ReturnStmt] return ... +# 135| 0: [MethodAccess] testReturn(...) +# 135| -1: [VarAccess] p0 +# 135| 0: [VarAccess] p1 +# 135| 1: [VarAccess] p2 +# 137| 7: [Method] testReturnUser +# 137| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 137| 0: [Parameter] tgs +# 137| 0: [TypeAccess] TestGeneric +# 137| 0: [TypeAccess] String +# 137| 5: [BlockStmt] { ... } +# 138| 0: [ExprStmt] ; +# 138| 0: [MethodAccess] sink(...) +# 138| -1: [TypeAccess] TestKt +# 138| 0: [MethodAccess] testReturn$default(...) +# 138| -1: [TypeAccess] TestGeneric<> +# 138| 0: [VarAccess] tgs +# 138| 1: [StringLiteral] sunk return value +# 1| 2: [NullLiteral] null +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 143| 12: [Class,GenericType,ParameterizedType] TestGenericFunction +#-----| -2: (Generic Parameters) +# 143| 0: [TypeVariable] T +# 143| 1: [Constructor] TestGenericFunction +# 143| 5: [BlockStmt] { ... } +# 143| 0: [SuperConstructorInvocationStmt] super(...) +# 143| 1: [BlockStmt] { ... } +# 145| 2: [Method] f +#-----| 2: (Generic Parameters) +# 145| 0: [TypeVariable] S +# 145| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 145| 0: [Parameter] x +# 145| 0: [TypeAccess] S +# 145| 1: [Parameter] y +# 145| 0: [TypeAccess] T +# 145| 2: [Parameter] def1 +# 145| 0: [TypeAccess] T +# 145| 3: [Parameter] def2 +# 145| 0: [TypeAccess] List +# 145| 0: [WildcardTypeAccess] ? ... +# 145| 0: [TypeAccess] T +# 145| 4: [Parameter] def3 +# 145| 0: [TypeAccess] S +# 145| 5: [Parameter] def4 +# 145| 0: [TypeAccess] List +# 145| 0: [WildcardTypeAccess] ? ... +# 145| 0: [TypeAccess] S +# 145| 5: [BlockStmt] { ... } +# 146| 0: [ExprStmt] ; +# 146| 0: [MethodAccess] sink(...) +# 146| -1: [TypeAccess] TestKt +# 146| 0: [VarAccess] y +# 145| 3: [Method] f$default +# 145| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 145| 0: [Parameter] p0 +# 145| 0: [TypeAccess] TestGenericFunction<> +# 145| 1: [Parameter] p1 +# 145| 0: [TypeAccess] Object +# 145| 2: [Parameter] p2 +# 145| 0: [TypeAccess] Object +# 145| 3: [Parameter] p3 +# 145| 0: [TypeAccess] Object +# 145| 4: [Parameter] p4 +# 145| 0: [TypeAccess] List<> +# 145| 5: [Parameter] p5 +# 145| 0: [TypeAccess] Object +# 145| 6: [Parameter] p6 +# 145| 0: [TypeAccess] List<> +# 145| 7: [Parameter] p7 +# 145| 0: [TypeAccess] int +# 145| 8: [Parameter] p8 +# 145| 0: [TypeAccess] Object +# 145| 5: [BlockStmt] { ... } +# 145| 0: [IfStmt] if (...) +# 145| 0: [EQExpr] ... == ... +# 145| 0: [AndBitwiseExpr] ... & ... +# 145| 0: [IntegerLiteral] 2 +# 145| 1: [VarAccess] p7 +# 145| 1: [IntegerLiteral] 0 +# 145| 1: [ExprStmt] ; +# 145| 0: [AssignExpr] ...=... +# 145| 0: [VarAccess] p2 +# 145| 1: [VarAccess] p1 +# 145| 1: [IfStmt] if (...) +# 145| 0: [EQExpr] ... == ... +# 145| 0: [AndBitwiseExpr] ... & ... +# 145| 0: [IntegerLiteral] 4 +# 145| 1: [VarAccess] p7 +# 145| 1: [IntegerLiteral] 0 +# 145| 1: [ExprStmt] ; +# 145| 0: [AssignExpr] ...=... +# 145| 0: [VarAccess] p3 +# 145| 1: [NullLiteral] null +# 145| 2: [IfStmt] if (...) +# 145| 0: [EQExpr] ... == ... +# 145| 0: [AndBitwiseExpr] ... & ... +# 145| 0: [IntegerLiteral] 8 +# 145| 1: [VarAccess] p7 +# 145| 1: [IntegerLiteral] 0 +# 145| 1: [ExprStmt] ; +# 145| 0: [AssignExpr] ...=... +# 145| 0: [VarAccess] p4 +# 145| 1: [MethodAccess] listOf(...) +# 145| -2: [TypeAccess] Object +# 145| -1: [TypeAccess] CollectionsKt +# 145| 0: [VarAccess] p2 +# 145| 3: [IfStmt] if (...) +# 145| 0: [EQExpr] ... == ... +# 145| 0: [AndBitwiseExpr] ... & ... +# 145| 0: [IntegerLiteral] 16 +# 145| 1: [VarAccess] p7 +# 145| 1: [IntegerLiteral] 0 +# 145| 1: [ExprStmt] ; +# 145| 0: [AssignExpr] ...=... +# 145| 0: [VarAccess] p5 +# 145| 1: [NullLiteral] null +# 145| 4: [IfStmt] if (...) +# 145| 0: [EQExpr] ... == ... +# 145| 0: [AndBitwiseExpr] ... & ... +# 145| 0: [IntegerLiteral] 32 +# 145| 1: [VarAccess] p7 +# 145| 1: [IntegerLiteral] 0 +# 145| 1: [ExprStmt] ; +# 145| 0: [AssignExpr] ...=... +# 145| 0: [VarAccess] p6 +# 145| 1: [MethodAccess] listOf(...) +# 145| -2: [TypeAccess] Object +# 145| -1: [TypeAccess] CollectionsKt +# 145| 0: [VarAccess] p1 +# 145| 5: [ReturnStmt] return ... +# 145| 0: [MethodAccess] f(...) +# 145| -1: [VarAccess] p0 +# 145| 0: [VarAccess] p1 +# 145| 1: [VarAccess] p2 +# 145| 2: [VarAccess] p3 +# 145| 3: [VarAccess] p4 +# 145| 4: [VarAccess] p5 +# 145| 5: [VarAccess] p6 +# 149| 4: [Method] user +# 149| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 149| 0: [Parameter] inst +# 149| 0: [TypeAccess] TestGenericFunction +# 149| 0: [TypeAccess] String +# 149| 5: [BlockStmt] { ... } +# 150| 0: [ExprStmt] ; +# 150| 0: [MethodAccess] f$default(...) +# 150| -1: [TypeAccess] TestGenericFunction<> +# 150| 0: [VarAccess] inst +# 150| 1: [StringLiteral] generic function sunk +# 1| 2: [NullLiteral] null +# 1| 3: [NullLiteral] null +# 1| 4: [NullLiteral] null +# 1| 5: [NullLiteral] null +# 1| 6: [NullLiteral] null +# 1| 7: [IntegerLiteral] 1 +# 1| 8: [NullLiteral] null +# 151| 1: [ExprStmt] ; +# 151| 0: [MethodAccess] f$default(...) +# 151| -1: [TypeAccess] TestGenericFunction<> +# 151| 0: [VarAccess] inst +# 151| 1: [StringLiteral] generic function sunk fp +# 151| 2: [StringLiteral] generic function sunk 2 +# 1| 3: [NullLiteral] null +# 1| 4: [NullLiteral] null +# 1| 5: [NullLiteral] null +# 1| 6: [NullLiteral] null +# 1| 7: [IntegerLiteral] 3 +# 1| 8: [NullLiteral] null +# 156| 14: [Class] VisibilityTests +# 156| 1: [Constructor] VisibilityTests +# 156| 5: [BlockStmt] { ... } +# 156| 0: [SuperConstructorInvocationStmt] super(...) +# 156| 1: [BlockStmt] { ... } +# 158| 2: [Method] f +# 158| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 158| 0: [Parameter] x +# 158| 0: [TypeAccess] int +# 158| 1: [Parameter] y +# 158| 0: [TypeAccess] int +# 158| 5: [BlockStmt] { ... } +# 158| 0: [ReturnStmt] return ... +# 158| 0: [AddExpr] ... + ... +# 158| 0: [VarAccess] x +# 158| 1: [VarAccess] y +# 158| 3: [Method] f$default +# 158| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 158| 0: [Parameter] p0 +# 158| 0: [TypeAccess] VisibilityTests +# 158| 1: [Parameter] p1 +# 158| 0: [TypeAccess] int +# 158| 2: [Parameter] p2 +# 158| 0: [TypeAccess] int +# 158| 3: [Parameter] p3 +# 158| 0: [TypeAccess] int +# 158| 4: [Parameter] p4 +# 158| 0: [TypeAccess] Object +# 158| 5: [BlockStmt] { ... } +# 158| 0: [IfStmt] if (...) +# 158| 0: [EQExpr] ... == ... +# 158| 0: [AndBitwiseExpr] ... & ... +# 158| 0: [IntegerLiteral] 2 +# 158| 1: [VarAccess] p3 +# 158| 1: [IntegerLiteral] 0 +# 158| 1: [ExprStmt] ; +# 158| 0: [AssignExpr] ...=... +# 158| 0: [VarAccess] p2 +# 158| 1: [IntegerLiteral] 0 +# 158| 1: [ReturnStmt] return ... +# 158| 0: [MethodAccess] f(...) +# 158| -1: [VarAccess] p0 +# 158| 0: [VarAccess] p1 +# 158| 1: [VarAccess] p2 +# 159| 4: [Method] g$main +# 159| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 159| 0: [Parameter] x +# 159| 0: [TypeAccess] int +# 159| 1: [Parameter] y +# 159| 0: [TypeAccess] int +# 159| 5: [BlockStmt] { ... } +# 159| 0: [ReturnStmt] return ... +# 159| 0: [AddExpr] ... + ... +# 159| 0: [VarAccess] x +# 159| 1: [VarAccess] y +# 159| 5: [Method] g$main$default +# 159| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 159| 0: [Parameter] p0 +# 159| 0: [TypeAccess] VisibilityTests +# 159| 1: [Parameter] p1 +# 159| 0: [TypeAccess] int +# 159| 2: [Parameter] p2 +# 159| 0: [TypeAccess] int +# 159| 3: [Parameter] p3 +# 159| 0: [TypeAccess] int +# 159| 4: [Parameter] p4 +# 159| 0: [TypeAccess] Object +# 159| 5: [BlockStmt] { ... } +# 159| 0: [IfStmt] if (...) +# 159| 0: [EQExpr] ... == ... +# 159| 0: [AndBitwiseExpr] ... & ... +# 159| 0: [IntegerLiteral] 2 +# 159| 1: [VarAccess] p3 +# 159| 1: [IntegerLiteral] 0 +# 159| 1: [ExprStmt] ; +# 159| 0: [AssignExpr] ...=... +# 159| 0: [VarAccess] p2 +# 159| 1: [IntegerLiteral] 0 +# 159| 1: [ReturnStmt] return ... +# 159| 0: [MethodAccess] g$main(...) +# 159| -1: [VarAccess] p0 +# 159| 0: [VarAccess] p1 +# 159| 1: [VarAccess] p2 +# 160| 6: [Method] h +# 160| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 160| 0: [Parameter] x +# 160| 0: [TypeAccess] int +# 160| 1: [Parameter] y +# 160| 0: [TypeAccess] int +# 160| 5: [BlockStmt] { ... } +# 160| 0: [ReturnStmt] return ... +# 160| 0: [AddExpr] ... + ... +# 160| 0: [VarAccess] x +# 160| 1: [VarAccess] y +# 160| 7: [Method] h$default +# 160| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 160| 0: [Parameter] p0 +# 160| 0: [TypeAccess] VisibilityTests +# 160| 1: [Parameter] p1 +# 160| 0: [TypeAccess] int +# 160| 2: [Parameter] p2 +# 160| 0: [TypeAccess] int +# 160| 3: [Parameter] p3 +# 160| 0: [TypeAccess] int +# 160| 4: [Parameter] p4 +# 160| 0: [TypeAccess] Object +# 160| 5: [BlockStmt] { ... } +# 160| 0: [IfStmt] if (...) +# 160| 0: [EQExpr] ... == ... +# 160| 0: [AndBitwiseExpr] ... & ... +# 160| 0: [IntegerLiteral] 2 +# 160| 1: [VarAccess] p3 +# 160| 1: [IntegerLiteral] 0 +# 160| 1: [ExprStmt] ; +# 160| 0: [AssignExpr] ...=... +# 160| 0: [VarAccess] p2 +# 160| 1: [IntegerLiteral] 0 +# 160| 1: [ReturnStmt] return ... +# 160| 0: [MethodAccess] h(...) +# 160| -1: [VarAccess] p0 +# 160| 0: [VarAccess] p1 +# 160| 1: [VarAccess] p2 +# 161| 8: [Method] i +# 161| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 161| 0: [Parameter] x +# 161| 0: [TypeAccess] int +# 161| 1: [Parameter] y +# 161| 0: [TypeAccess] int +# 161| 5: [BlockStmt] { ... } +# 161| 0: [ReturnStmt] return ... +# 161| 0: [AddExpr] ... + ... +# 161| 0: [VarAccess] x +# 161| 1: [VarAccess] y +# 161| 9: [Method] i$default +# 161| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 161| 0: [Parameter] p0 +# 161| 0: [TypeAccess] VisibilityTests +# 161| 1: [Parameter] p1 +# 161| 0: [TypeAccess] int +# 161| 2: [Parameter] p2 +# 161| 0: [TypeAccess] int +# 161| 3: [Parameter] p3 +# 161| 0: [TypeAccess] int +# 161| 4: [Parameter] p4 +# 161| 0: [TypeAccess] Object +# 161| 5: [BlockStmt] { ... } +# 161| 0: [IfStmt] if (...) +# 161| 0: [EQExpr] ... == ... +# 161| 0: [AndBitwiseExpr] ... & ... +# 161| 0: [IntegerLiteral] 2 +# 161| 1: [VarAccess] p3 +# 161| 1: [IntegerLiteral] 0 +# 161| 1: [ExprStmt] ; +# 161| 0: [AssignExpr] ...=... +# 161| 0: [VarAccess] p2 +# 161| 1: [IntegerLiteral] 0 +# 161| 1: [ReturnStmt] return ... +# 161| 0: [MethodAccess] i(...) +# 161| -1: [VarAccess] p0 +# 161| 0: [VarAccess] p1 +# 161| 1: [VarAccess] p2 +# 165| 15: [Class,GenericType,ParameterizedType] TestGenericUsedWithinDefaultValue +#-----| -2: (Generic Parameters) +# 165| 0: [TypeVariable] T +# 165| 1: [Constructor] TestGenericUsedWithinDefaultValue +# 165| 5: [BlockStmt] { ... } +# 165| 0: [SuperConstructorInvocationStmt] super(...) +# 165| 1: [BlockStmt] { ... } +# 171| 2: [Method] f +# 171| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 171| 0: [Parameter] x +# 171| 0: [TypeAccess] int +# 171| 1: [Parameter] y +# 171| 0: [TypeAccess] String +# 171| 5: [BlockStmt] { ... } +# 171| 3: [Method] f$default +# 171| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 171| 0: [Parameter] p0 +# 171| 0: [TypeAccess] TestGenericUsedWithinDefaultValue<> +# 171| 1: [Parameter] p1 +# 171| 0: [TypeAccess] int +# 171| 2: [Parameter] p2 +# 171| 0: [TypeAccess] String +# 171| 3: [Parameter] p3 +# 171| 0: [TypeAccess] int +# 171| 4: [Parameter] p4 +# 171| 0: [TypeAccess] Object +# 171| 5: [BlockStmt] { ... } +# 171| 0: [IfStmt] if (...) +# 171| 0: [EQExpr] ... == ... +# 171| 0: [AndBitwiseExpr] ... & ... +# 171| 0: [IntegerLiteral] 2 +# 171| 1: [VarAccess] p3 +# 171| 1: [IntegerLiteral] 0 +# 171| 1: [ExprStmt] ; +# 171| 0: [AssignExpr] ...=... +# 171| 0: [VarAccess] p2 +# 171| 1: [MethodAccess] ident(...) +# 171| -1: [ClassInstanceExpr] new TestGenericUsedWithinDefaultValue(...) +# 171| -3: [TypeAccess] TestGenericUsedWithinDefaultValue +# 171| 0: [TypeAccess] String +# 171| 0: [StringLiteral] Hello world +# 171| 1: [ReturnStmt] return ... +# 171| 0: [MethodAccess] f(...) +# 171| -1: [VarAccess] p0 +# 171| 0: [VarAccess] p1 +# 171| 1: [VarAccess] p2 +# 173| 4: [Method] ident +# 173| 3: [TypeAccess] T +#-----| 4: (Parameters) +# 173| 0: [Parameter] t +# 173| 0: [TypeAccess] T +# 173| 5: [BlockStmt] { ... } +# 173| 0: [ReturnStmt] return ... +# 173| 0: [VarAccess] t +# 177| 17: [Class] TestOverloadsWithDefaults +# 177| 1: [Constructor] TestOverloadsWithDefaults +# 177| 5: [BlockStmt] { ... } +# 177| 0: [SuperConstructorInvocationStmt] super(...) +# 177| 1: [BlockStmt] { ... } +# 179| 2: [Method] f +# 179| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 179| 0: [Parameter] x +# 179| 0: [TypeAccess] int +# 179| 1: [Parameter] y +# 179| 0: [TypeAccess] String +# 179| 5: [BlockStmt] { ... } +# 179| 3: [Method] f$default +# 179| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 179| 0: [Parameter] p0 +# 179| 0: [TypeAccess] TestOverloadsWithDefaults +# 179| 1: [Parameter] p1 +# 179| 0: [TypeAccess] int +# 179| 2: [Parameter] p2 +# 179| 0: [TypeAccess] String +# 179| 3: [Parameter] p3 +# 179| 0: [TypeAccess] int +# 179| 4: [Parameter] p4 +# 179| 0: [TypeAccess] Object +# 179| 5: [BlockStmt] { ... } +# 179| 0: [IfStmt] if (...) +# 179| 0: [EQExpr] ... == ... +# 179| 0: [AndBitwiseExpr] ... & ... +# 179| 0: [IntegerLiteral] 2 +# 179| 1: [VarAccess] p3 +# 179| 1: [IntegerLiteral] 0 +# 179| 1: [ExprStmt] ; +# 179| 0: [AssignExpr] ...=... +# 179| 0: [VarAccess] p2 +# 179| 1: [StringLiteral] Hello world +# 179| 1: [ReturnStmt] return ... +# 179| 0: [MethodAccess] f(...) +# 179| -1: [VarAccess] p0 +# 179| 0: [VarAccess] p1 +# 179| 1: [VarAccess] p2 +# 180| 4: [Method] f +# 180| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 180| 0: [Parameter] z +# 180| 0: [TypeAccess] String +# 180| 1: [Parameter] w +# 180| 0: [TypeAccess] int +# 180| 5: [BlockStmt] { ... } +# 180| 5: [Method] f$default +# 180| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 180| 0: [Parameter] p0 +# 180| 0: [TypeAccess] TestOverloadsWithDefaults +# 180| 1: [Parameter] p1 +# 180| 0: [TypeAccess] String +# 180| 2: [Parameter] p2 +# 180| 0: [TypeAccess] int +# 180| 3: [Parameter] p3 +# 180| 0: [TypeAccess] int +# 180| 4: [Parameter] p4 +# 180| 0: [TypeAccess] Object +# 180| 5: [BlockStmt] { ... } +# 180| 0: [IfStmt] if (...) +# 180| 0: [EQExpr] ... == ... +# 180| 0: [AndBitwiseExpr] ... & ... +# 180| 0: [IntegerLiteral] 2 +# 180| 1: [VarAccess] p3 +# 180| 1: [IntegerLiteral] 0 +# 180| 1: [ExprStmt] ; +# 180| 0: [AssignExpr] ...=... +# 180| 0: [VarAccess] p2 +# 180| 1: [IntegerLiteral] 0 +# 180| 1: [ReturnStmt] return ... +# 180| 0: [MethodAccess] f(...) +# 180| -1: [VarAccess] p0 +# 180| 0: [VarAccess] p1 +# 180| 1: [VarAccess] p2 diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.qlref b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected new file mode 100644 index 00000000000..b0bb467d954 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected @@ -0,0 +1,15 @@ +| test.kt:5:3:7:3 | f | test.kt:5:3:7:3 | f$default | +| test.kt:34:14:36:3 | f | test.kt:34:14:36:3 | f$default | +| test.kt:68:1:80:1 | TestConstructor | test.kt:68:1:80:1 | TestConstructor | +| test.kt:86:5:88:5 | f | test.kt:86:5:88:5 | f$default | +| test.kt:106:7:108:7 | f | test.kt:106:7:108:7 | f$default | +| test.kt:124:3:126:3 | f | test.kt:124:3:126:3 | f$default | +| test.kt:135:3:135:43 | testReturn | test.kt:135:3:135:43 | testReturn$default | +| test.kt:145:3:147:3 | f | test.kt:145:3:147:3 | f$default | +| test.kt:158:3:158:35 | f | test.kt:158:3:158:35 | f$default | +| test.kt:159:12:159:44 | g$main | test.kt:159:12:159:44 | g$main$default | +| test.kt:160:13:160:45 | h | test.kt:160:13:160:45 | h$default | +| test.kt:161:11:161:43 | i | test.kt:161:11:161:43 | i$default | +| test.kt:171:3:171:97 | f | test.kt:171:3:171:97 | f$default | +| test.kt:179:3:179:46 | f | test.kt:179:3:179:46 | f$default | +| test.kt:180:3:180:34 | f | test.kt:180:3:180:34 | f$default | diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql new file mode 100644 index 00000000000..e6f5f4b54c4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql @@ -0,0 +1,7 @@ +import java + +from Callable realMethod, Callable defaultsProxy +where + defaultsProxy = realMethod.getKotlinParameterDefaultsProxy() and + realMethod.fromSource() +select realMethod, defaultsProxy diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql new file mode 100644 index 00000000000..9bb2ad44c15 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql @@ -0,0 +1,19 @@ +import java + +class InstantiatedType extends ParameterizedType { + InstantiatedType() { typeArgs(_, _, this) } +} + +// This checks that all type parameter references are erased in the context of a $default function. +predicate containsTypeVariables(Type t) { + t instanceof TypeVariable or + containsTypeVariables(t.(InstantiatedType).getATypeArgument()) or + containsTypeVariables(t.(NestedType).getEnclosingType()) or + containsTypeVariables(t.(Wildcard).getATypeBound().getType()) +} + +from Expr e +where + e.getEnclosingCallable().getName().matches("%$default") and + containsTypeVariables(e.getType()) +select e, e.getType() diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.expected new file mode 100644 index 00000000000..37b80612273 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.expected @@ -0,0 +1,2 @@ +shouldBeSunkButIsnt +shouldntBeSunkButIs diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql new file mode 100644 index 00000000000..28151ecdc85 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql @@ -0,0 +1,34 @@ +import java +import semmle.code.java.dataflow.DataFlow + +class ShouldNotBeSunk extends StringLiteral { + ShouldNotBeSunk() { this.getValue().matches("%not sunk%") } +} + +class ShouldBeSunk extends StringLiteral { + ShouldBeSunk() { + this.getValue().matches("%sunk%") and + not this instanceof ShouldNotBeSunk + } +} + +class Config extends DataFlow::Configuration { + Config() { this = "Config" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr() instanceof ShouldBeSunk or + n.asExpr() instanceof ShouldNotBeSunk + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().getName() = "sink" + } +} + +predicate isSunk(StringLiteral sl) { + exists(Config c, DataFlow::Node source | c.hasFlow(source, _) and sl = source.asExpr()) +} + +query predicate shouldBeSunkButIsnt(ShouldBeSunk src) { not isSunk(src) } + +query predicate shouldntBeSunkButIs(ShouldNotBeSunk src) { isSunk(src) } diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt b/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt new file mode 100644 index 00000000000..a3bd483a4b4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt @@ -0,0 +1,182 @@ +fun sink(a: Any?) { } + +class TestMember { + + fun f(x: String, y: String = x, z: String = "hello world") { + sink(y) + } + + fun user() { + f("member sunk") + f("member sunk fp", "member sunk 2") + f("not sunk", "member sunk 3", "not sunk") + } + +} + +class TestExtensionMember { + + fun String.f(x: String, y: String = x, z: String = "hello world") { + sink(this) + sink(y) + } + + fun user(sunk: String) { + sunk.f("extension sunk") + sunk.f("extension sunk fp", "extension sunk 2") + sunk.f("not sunk", "extension sunk 3", "not sunk") + } + +} + +object TestStaticMember { + + @JvmStatic fun f(x: String, y: String = x, z: String = "hello world") { + sink(y) + } + + fun user() { + f("static sunk") + f("static sunk fp", "static sunk 2") + f("not sunk", "static sunk 3", "not sunk") + } + +} + +class ExtendMe { + + fun f(x: String) = x + +} + +class TestReceiverReferences { + + fun g(x: String) = x + + fun ExtendMe.test(x: String, y: String = this.f(this@TestReceiverReferences.g(x)), z: String = "hello world") { + sink(y) + } + + fun user(t: ExtendMe) { + t.test("receiver refs sunk") + t.test("receiver refs sunk fp", "receiver refs sunk 2") + t.test("not sunk", "receiver refs sunk 3", "not sunk") + } + +} + +class TestConstructor(x: String, y: String = x, z: String = "hello world") { + + init { + sink(y) + } + + fun user() { + TestConstructor("constructor sunk") + TestConstructor("constructor sunk fp", "constructor sunk 2") + TestConstructor("not sunk", "constructor sunk 3", "not sunk") + } + +} + +class TestLocal { + + fun enclosing() { + + fun f(x: String, y: String = x, z: String = "hello world") { + sink(y) + } + + fun user() { + f("local sunk") + f("local sunk fp", "local sunk 2") + f("not sunk", "local sunk 3", "not sunk") + } + + } + +} + +class TestLocalClass { + + fun enclosingFunction() { + + class EnclosingLocalClass { + + fun f(x: String, y: String = x, z: String = "hello world") { + sink(y) + } + + fun user() { + f("local sunk") + f("local sunk fp", "local sunk 2") + f("not sunk", "local sunk 3", "not sunk") + } + + } + + } + +} + +class TestGeneric { + + fun f(x: T, y: T = x, z: T? = null) { + sink(y) + } + + fun user(tgs: TestGeneric, tcs: TestGeneric) { + tgs.f("generic sunk") + tcs.f("generic sunk fp", "generic sunk 2") + tgs.f("not sunk", "generic sunk 3", "not sunk") + tcs.f("not sunk", "generic sunk 3", "not sunk") + } + + fun testReturn(t1: T, t2: T? = null) = t1 + + fun testReturnUser(tgs: TestGeneric) { + sink(tgs.testReturn("sunk return value")) + } + +} + +class TestGenericFunction { + + fun f(x: S, y: T = x, def1: T? = null, def2: List = listOf(y), def3: S? = null, def4: List? = listOf(x)) { + sink(y) + } + + fun user(inst: TestGenericFunction) { + inst.f("generic function sunk") + inst.f("generic function sunk fp", "generic function sunk 2") + } + +} + +class VisibilityTests { + + fun f(x: Int, y: Int = 0) = x + y + internal fun g(x: Int, y: Int = 0) = x + y + protected fun h(x: Int, y: Int = 0) = x + y + private fun i(x: Int, y: Int = 0) = x + y + +} + +class TestGenericUsedWithinDefaultValue { + + // This tests parameter erasure works properly: we should notice that here the type variable T + // isn't used in the specialisation TestGenericUsedWithinDefaultValue, but it can be + // cited in contexts like "the signature of the source declaration of 'TestGenericUsedWithinDefaultValue.f(String)' is 'f(T)'", + // not 'f(Object)' as we might mistakenly conclude if we're inappropriately erasing 'T'. + fun f(x: Int, y: String = TestGenericUsedWithinDefaultValue().ident("Hello world")) { } + + fun ident(t: T) = t + +} + +class TestOverloadsWithDefaults { + + fun f(x: Int, y: String = "Hello world") { } + fun f(z: String, w: Int = 0) { } + +} diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected index 4c6907f99d4..40de73eadd9 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected @@ -1,15 +1,33 @@ +enclosingTypes +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| test.kt:9:18:11:3 | new If(...) { ... } | test.kt:7:1:22:1 | A | +| test.kt:13:33:15:3 | new If(...) { ... } | test.kt:7:1:22:1 | A | +| test.kt:13:33:15:3 | new If(...) { ... }<> | test.kt:7:1:22:1 | A<> | +#select +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | getX | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | getX | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getAnonType | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getPrivateAnonType$private | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | privateUser | | file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | A | | file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getAnonType | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getPrivateAnonType$private | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | privateUser | | file:///!unknown-binary-location/If.class:0:0:0:0 | If | file:///!unknown-binary-location/If.class:0:0:0:0 | getX | | file:///!unknown-binary-location/If.class:0:0:0:0 | If | file:///!unknown-binary-location/If.class:0:0:0:0 | getX | | other.kt:1:1:1:34 | Ext | other.kt:1:1:1:34 | Ext | -| test.kt:0:0:0:0 | TestKt | test.kt:19:1:19:38 | user | +| test.kt:0:0:0:0 | TestKt | test.kt:24:1:24:38 | user | | test.kt:1:1:5:1 | If | test.kt:3:3:3:11 | getX | -| test.kt:7:1:17:1 | A | test.kt:7:6:17:1 | A | -| test.kt:7:1:17:1 | A | test.kt:9:3:11:3 | anonType | -| test.kt:7:1:17:1 | A | test.kt:9:3:11:3 | getAnonType | -| test.kt:7:1:17:1 | A | test.kt:13:3:15:3 | privateAnonType | -| test.kt:7:1:17:1 | A | test.kt:13:11:15:3 | getPrivateAnonType$private | +| test.kt:7:1:22:1 | A | test.kt:7:6:22:1 | A | +| test.kt:7:1:22:1 | A | test.kt:9:3:11:3 | anonType | +| test.kt:7:1:22:1 | A | test.kt:9:3:11:3 | getAnonType | +| test.kt:7:1:22:1 | A | test.kt:13:3:15:3 | privateAnonType | +| test.kt:7:1:22:1 | A | test.kt:13:11:15:3 | getPrivateAnonType$private | +| test.kt:7:1:22:1 | A | test.kt:17:3:20:3 | privateUser | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:9:18:11:3 | | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:10:5:10:22 | x | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:10:14:10:22 | getX | diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt index b0d49124eac..7427a8044b4 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt @@ -14,6 +14,11 @@ open class A(t: T) { override val x = t } + fun privateUser(x: A, y: A) { + val a = x.privateAnonType.x + val b = y.privateAnonType.x + } + } fun user(x: A) = x.anonType.x diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql index 74bbc59a7fd..7383bfa9ad1 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql @@ -3,3 +3,7 @@ import java from ClassOrInterface ci, Member m where m = ci.getAMember() and ci.getSourceDeclaration().fromSource() select ci, m + +query predicate enclosingTypes(NestedType nt, Type encl) { + nt.getSourceDeclaration().fromSource() and encl = nt.getEnclosingType() +} diff --git a/java/ql/test/kotlin/library-tests/properties/properties.expected b/java/ql/test/kotlin/library-tests/properties/properties.expected index 7bbe706923c..01c82187a81 100644 --- a/java/ql/test/kotlin/library-tests/properties/properties.expected +++ b/java/ql/test/kotlin/library-tests/properties/properties.expected @@ -41,7 +41,7 @@ fieldDeclarations | properties.kt:28:5:29:22 | overrideGetter | properties.kt:29:13:29:22 | getOverrideGetter | properties.kt:28:5:29:22 | setOverrideGetter | properties.kt:28:5:29:22 | overrideGetter | public | | properties.kt:30:5:31:29 | overrideGetterUseField | properties.kt:31:13:31:29 | getOverrideGetterUseField | properties.kt:30:5:31:29 | setOverrideGetterUseField | properties.kt:30:5:31:29 | overrideGetterUseField | public | | properties.kt:32:5:33:29 | useField | properties.kt:33:13:33:29 | getUseField | file://:0:0:0:0 | | properties.kt:32:5:33:29 | useField | public | -| properties.kt:34:5:34:36 | lateInitVar | properties.kt:34:14:34:36 | getLateInitVar | properties.kt:34:14:34:36 | setLateInitVar | properties.kt:34:5:34:36 | lateInitVar | public | +| properties.kt:34:5:34:36 | lateInitVar | properties.kt:34:14:34:36 | getLateInitVar | properties.kt:34:14:34:36 | setLateInitVar | properties.kt:34:5:34:36 | lateInitVar | lateinit, public | | properties.kt:35:5:35:32 | privateProp | properties.kt:35:13:35:32 | getPrivateProp$private | file://:0:0:0:0 | | properties.kt:35:5:35:32 | privateProp | private | | properties.kt:36:5:36:36 | protectedProp | properties.kt:36:15:36:36 | getProtectedProp | file://:0:0:0:0 | | properties.kt:36:5:36:36 | protectedProp | protected | | properties.kt:37:5:37:30 | publicProp | properties.kt:37:12:37:30 | getPublicProp | file://:0:0:0:0 | | properties.kt:37:5:37:30 | publicProp | public | diff --git a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected index b1da7cdcee2..64fffd47586 100644 --- a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected @@ -124,6 +124,7 @@ reflection.kt: # 97| 1: [Constructor] # 97| 5: [BlockStmt] { ... } # 97| 0: [SuperConstructorInvocationStmt] super(...) +# 97| 0: [IntegerLiteral] 1 # 97| 2: [Method] invoke #-----| 4: (Parameters) # 97| 0: [Parameter] a0 @@ -148,6 +149,7 @@ reflection.kt: # 98| 1: [Constructor] # 98| 5: [BlockStmt] { ... } # 98| 0: [SuperConstructorInvocationStmt] super(...) +# 98| 0: [IntegerLiteral] 1 # 98| 2: [Method] invoke #-----| 4: (Parameters) # 98| 0: [Parameter] a0 @@ -175,6 +177,7 @@ reflection.kt: # 99| 0: [Parameter] # 99| 5: [BlockStmt] { ... } # 99| 0: [SuperConstructorInvocationStmt] super(...) +# 99| 0: [IntegerLiteral] 1 # 99| 1: [ExprStmt] ; # 99| 0: [AssignExpr] ...=... # 99| 0: [VarAccess] this. @@ -274,13 +277,466 @@ reflection.kt: # 126| 1: [Constructor] # 126| 5: [BlockStmt] { ... } # 126| 0: [SuperConstructorInvocationStmt] super(...) +# 126| 0: [IntegerLiteral] 0 # 126| 2: [Method] invoke # 126| 5: [BlockStmt] { ... } # 126| 0: [ReturnStmt] return ... # 126| 0: [MethodAccess] fn1(...) -# 126| -1: [TypeAccess] ReflectionKt +# 126| -1: [ClassInstanceExpr] new (...) +# 126| -3: [TypeAccess] Object # 126| -3: [TypeAccess] Function0 # 126| 0: [TypeAccess] Unit +# 129| 12: [Method] expectsOneParam +# 129| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 129| 0: [Parameter] f +# 129| 0: [TypeAccess] Function1 +# 129| 0: [WildcardTypeAccess] ? ... +# 129| 1: [TypeAccess] Integer +# 129| 1: [TypeAccess] Integer +# 129| 5: [BlockStmt] { ... } +# 129| 0: [ReturnStmt] return ... +# 129| 0: [MethodAccess] invoke(...) +# 129| -1: [VarAccess] f +# 129| 0: [IntegerLiteral] 0 +# 131| 13: [Method] takesOptionalParam +# 131| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 131| 0: [Parameter] x +# 131| 0: [TypeAccess] int +# 131| 1: [Parameter] y +# 131| 0: [TypeAccess] int +# 131| 5: [BlockStmt] { ... } +# 131| 0: [ReturnStmt] return ... +# 131| 0: [AddExpr] ... + ... +# 131| 0: [VarAccess] x +# 131| 1: [VarAccess] y +# 131| 14: [Method] takesOptionalParam$default +# 131| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 131| 0: [Parameter] p0 +# 131| 0: [TypeAccess] int +# 131| 1: [Parameter] p1 +# 131| 0: [TypeAccess] int +# 131| 2: [Parameter] p2 +# 131| 0: [TypeAccess] int +# 131| 3: [Parameter] p3 +# 131| 0: [TypeAccess] Object +# 131| 5: [BlockStmt] { ... } +# 131| 0: [IfStmt] if (...) +# 131| 0: [EQExpr] ... == ... +# 131| 0: [AndBitwiseExpr] ... & ... +# 131| 0: [IntegerLiteral] 2 +# 131| 1: [VarAccess] p2 +# 131| 1: [IntegerLiteral] 0 +# 131| 1: [ExprStmt] ; +# 131| 0: [AssignExpr] ...=... +# 131| 0: [VarAccess] p1 +# 131| 1: [IntegerLiteral] 0 +# 131| 1: [ReturnStmt] return ... +# 131| 0: [MethodAccess] takesOptionalParam(...) +# 131| -1: [TypeAccess] ReflectionKt +# 131| 0: [VarAccess] p0 +# 131| 1: [VarAccess] p1 +# 133| 15: [Method] adaptedParams +# 133| 3: [TypeAccess] Unit +# 133| 5: [BlockStmt] { ... } +# 134| 0: [ExprStmt] ; +# 134| 0: [ImplicitCoercionToUnitExpr] +# 134| 0: [TypeAccess] Unit +# 134| 1: [MethodAccess] expectsOneParam(...) +# 134| -1: [TypeAccess] ReflectionKt +# 134| 0: [StmtExpr] +# 134| 0: [BlockStmt] { ... } +# 134| 0: [LocalTypeDeclStmt] class ... +# 134| 0: [LocalClass] +# 134| 1: [Constructor] +# 134| 5: [BlockStmt] { ... } +# 134| 0: [SuperConstructorInvocationStmt] super(...) +# 134| 2: [Method] takesOptionalParam +# 134| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 134| 0: [Parameter] p0 +# 134| 0: [TypeAccess] int +# 134| 5: [BlockStmt] { ... } +# 134| 0: [ReturnStmt] return ... +# 134| 0: [MethodAccess] takesOptionalParam$default(...) +# 134| -1: [TypeAccess] ReflectionKt +# 134| 0: [VarAccess] p0 +# 1| 1: [IntegerLiteral] 0 +# 1| 2: [IntegerLiteral] 1 +# 1| 3: [NullLiteral] null +# 134| 1: [ExprStmt] ; +# 134| 0: [MemberRefExpr] ...::... +# 134| -4: [AnonymousClass] new Function1(...) { ... } +# 134| 1: [Constructor] +# 134| 5: [BlockStmt] { ... } +# 134| 0: [SuperConstructorInvocationStmt] super(...) +# 134| 0: [IntegerLiteral] 1 +# 134| 2: [Method] invoke +#-----| 4: (Parameters) +# 134| 0: [Parameter] a0 +# 134| 5: [BlockStmt] { ... } +# 134| 0: [ReturnStmt] return ... +# 134| 0: [MethodAccess] takesOptionalParam(...) +# 134| -1: [ClassInstanceExpr] new (...) +# 134| -3: [TypeAccess] Object +# 134| 0: [VarAccess] a0 +# 134| -3: [TypeAccess] Function1 +# 134| 0: [TypeAccess] Integer +# 134| 1: [TypeAccess] Integer +# 137| 16: [Method] expectsOneParamAndReceiver +# 137| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 137| 0: [Parameter] f +# 137| 0: [TypeAccess] Function2 +# 137| 0: [WildcardTypeAccess] ? ... +# 137| 1: [TypeAccess] MemberOptionalsTest +# 137| 1: [WildcardTypeAccess] ? ... +# 137| 1: [TypeAccess] Integer +# 137| 2: [TypeAccess] Integer +# 137| 5: [BlockStmt] { ... } +# 143| 17: [Method] memberAdaptedParams +# 143| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 143| 0: [Parameter] m +# 143| 0: [TypeAccess] MemberOptionalsTest +# 143| 5: [BlockStmt] { ... } +# 144| 0: [ExprStmt] ; +# 144| 0: [ImplicitCoercionToUnitExpr] +# 144| 0: [TypeAccess] Unit +# 144| 1: [MethodAccess] expectsOneParam(...) +# 144| -1: [TypeAccess] ReflectionKt +# 144| 0: [StmtExpr] +# 144| 0: [BlockStmt] { ... } +# 144| 0: [LocalTypeDeclStmt] class ... +# 144| 0: [LocalClass] +# 144| 1: [Constructor] +# 144| 5: [BlockStmt] { ... } +# 144| 0: [SuperConstructorInvocationStmt] super(...) +# 144| 2: [ExtensionMethod] takesOptionalParam +# 144| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 144| 0: [Parameter] receiver +# 144| 0: [TypeAccess] MemberOptionalsTest +# 144| 1: [Parameter] p0 +# 144| 0: [TypeAccess] int +# 144| 5: [BlockStmt] { ... } +# 144| 0: [ReturnStmt] return ... +# 144| 0: [MethodAccess] takesOptionalParam$default(...) +# 144| -1: [TypeAccess] MemberOptionalsTest +# 144| 0: [ExtensionReceiverAccess] this +# 144| 1: [VarAccess] p0 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 144| 1: [ExprStmt] ; +# 144| 0: [MemberRefExpr] ...::... +# 144| -4: [AnonymousClass] new Function1(...) { ... } +# 144| 1: [Constructor] +#-----| 4: (Parameters) +# 144| 0: [Parameter] +# 144| 5: [BlockStmt] { ... } +# 144| 0: [SuperConstructorInvocationStmt] super(...) +# 144| 0: [IntegerLiteral] 1 +# 144| 1: [ExprStmt] ; +# 144| 0: [AssignExpr] ...=... +# 144| 0: [VarAccess] this. +# 144| -1: [ThisAccess] this +# 144| 1: [VarAccess] +# 144| 2: [FieldDeclaration] MemberOptionalsTest ; +# 144| -1: [TypeAccess] MemberOptionalsTest +# 144| 3: [Method] invoke +#-----| 4: (Parameters) +# 144| 0: [Parameter] a0 +# 144| 5: [BlockStmt] { ... } +# 144| 0: [ReturnStmt] return ... +# 144| 0: [MethodAccess] takesOptionalParam(...) +# 144| -1: [ClassInstanceExpr] new (...) +# 144| -3: [TypeAccess] Object +# 144| 0: [VarAccess] this. +# 144| -1: [ThisAccess] this +# 144| 1: [VarAccess] a0 +# 144| -3: [TypeAccess] Function1 +# 144| 0: [TypeAccess] Integer +# 144| 1: [TypeAccess] Integer +# 144| 0: [VarAccess] m +# 145| 1: [ExprStmt] ; +# 145| 0: [MethodAccess] expectsOneParamAndReceiver(...) +# 145| -1: [TypeAccess] ReflectionKt +# 145| 0: [StmtExpr] +# 145| 0: [BlockStmt] { ... } +# 145| 0: [LocalTypeDeclStmt] class ... +# 145| 0: [LocalClass] +# 145| 1: [Constructor] +# 145| 5: [BlockStmt] { ... } +# 145| 0: [SuperConstructorInvocationStmt] super(...) +# 145| 2: [Method] takesOptionalParam +# 145| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 145| 0: [Parameter] p0 +# 145| 0: [TypeAccess] MemberOptionalsTest +# 145| 1: [Parameter] p1 +# 145| 0: [TypeAccess] int +# 145| 5: [BlockStmt] { ... } +# 145| 0: [ReturnStmt] return ... +# 145| 0: [MethodAccess] takesOptionalParam$default(...) +# 145| -1: [TypeAccess] MemberOptionalsTest +# 145| 0: [VarAccess] p0 +# 145| 1: [VarAccess] p1 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 145| 1: [ExprStmt] ; +# 145| 0: [MemberRefExpr] ...::... +# 145| -4: [AnonymousClass] new Function2(...) { ... } +# 145| 1: [Constructor] +# 145| 5: [BlockStmt] { ... } +# 145| 0: [SuperConstructorInvocationStmt] super(...) +# 145| 0: [IntegerLiteral] 2 +# 145| 2: [Method] invoke +#-----| 4: (Parameters) +# 145| 0: [Parameter] a0 +# 145| 1: [Parameter] a1 +# 145| 5: [BlockStmt] { ... } +# 145| 0: [ReturnStmt] return ... +# 145| 0: [MethodAccess] takesOptionalParam(...) +# 145| -1: [ClassInstanceExpr] new (...) +# 145| -3: [TypeAccess] Object +# 145| 0: [VarAccess] a0 +# 145| 1: [VarAccess] a1 +# 145| -3: [TypeAccess] Function2 +# 145| 0: [TypeAccess] MemberOptionalsTest +# 145| 1: [TypeAccess] Integer +# 145| 2: [TypeAccess] Integer +# 148| 18: [Method] expectsOneParamAndExtension +# 148| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 148| 0: [Parameter] f +# 148| 0: [TypeAccess] Function2 +# 148| 0: [WildcardTypeAccess] ? ... +# 148| 1: [TypeAccess] String +# 148| 1: [WildcardTypeAccess] ? ... +# 148| 1: [TypeAccess] Integer +# 148| 2: [TypeAccess] Integer +# 148| 5: [BlockStmt] { ... } +# 150| 19: [ExtensionMethod] extTakesOptionalParam +# 150| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 150| 0: [Parameter] +# 150| 0: [TypeAccess] String +# 150| 1: [Parameter] x +# 150| 0: [TypeAccess] int +# 150| 2: [Parameter] y +# 150| 0: [TypeAccess] int +# 150| 5: [BlockStmt] { ... } +# 150| 0: [ReturnStmt] return ... +# 150| 0: [AddExpr] ... + ... +# 150| 0: [VarAccess] x +# 150| 1: [VarAccess] y +# 150| 20: [Method] extTakesOptionalParam$default +# 150| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 150| 0: [Parameter] p0 +# 150| 0: [TypeAccess] String +# 150| 1: [Parameter] p1 +# 150| 0: [TypeAccess] int +# 150| 2: [Parameter] p2 +# 150| 0: [TypeAccess] int +# 150| 3: [Parameter] p3 +# 150| 0: [TypeAccess] int +# 150| 4: [Parameter] p4 +# 150| 0: [TypeAccess] Object +# 150| 5: [BlockStmt] { ... } +# 150| 0: [IfStmt] if (...) +# 150| 0: [EQExpr] ... == ... +# 150| 0: [AndBitwiseExpr] ... & ... +# 150| 0: [IntegerLiteral] 2 +# 150| 1: [VarAccess] p3 +# 150| 1: [IntegerLiteral] 0 +# 150| 1: [ExprStmt] ; +# 150| 0: [AssignExpr] ...=... +# 150| 0: [VarAccess] p2 +# 150| 1: [IntegerLiteral] 0 +# 150| 1: [ReturnStmt] return ... +# 150| 0: [MethodAccess] extTakesOptionalParam(...) +# 150| -1: [TypeAccess] ReflectionKt +# 150| 0: [VarAccess] p0 +# 150| 1: [VarAccess] p1 +# 150| 2: [VarAccess] p2 +# 152| 21: [Method] extensionAdaptedParams +# 152| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 152| 0: [Parameter] s +# 152| 0: [TypeAccess] String +# 152| 5: [BlockStmt] { ... } +# 153| 0: [ExprStmt] ; +# 153| 0: [ImplicitCoercionToUnitExpr] +# 153| 0: [TypeAccess] Unit +# 153| 1: [MethodAccess] expectsOneParam(...) +# 153| -1: [TypeAccess] ReflectionKt +# 153| 0: [StmtExpr] +# 153| 0: [BlockStmt] { ... } +# 153| 0: [LocalTypeDeclStmt] class ... +# 153| 0: [LocalClass] +# 153| 1: [Constructor] +# 153| 5: [BlockStmt] { ... } +# 153| 0: [SuperConstructorInvocationStmt] super(...) +# 153| 2: [ExtensionMethod] extTakesOptionalParam +# 153| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 153| 0: [Parameter] receiver +# 153| 0: [TypeAccess] String +# 153| 1: [Parameter] p0 +# 153| 0: [TypeAccess] int +# 153| 5: [BlockStmt] { ... } +# 153| 0: [ReturnStmt] return ... +# 153| 0: [MethodAccess] extTakesOptionalParam$default(...) +# 153| -1: [TypeAccess] ReflectionKt +# 153| 0: [ExtensionReceiverAccess] this +# 153| 1: [VarAccess] p0 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 153| 1: [ExprStmt] ; +# 153| 0: [MemberRefExpr] ...::... +# 153| -4: [AnonymousClass] new Function1(...) { ... } +# 153| 1: [Constructor] +#-----| 4: (Parameters) +# 153| 0: [Parameter] +# 153| 5: [BlockStmt] { ... } +# 153| 0: [SuperConstructorInvocationStmt] super(...) +# 153| 0: [IntegerLiteral] 1 +# 153| 1: [ExprStmt] ; +# 153| 0: [AssignExpr] ...=... +# 153| 0: [VarAccess] this. +# 153| -1: [ThisAccess] this +# 153| 1: [VarAccess] +# 153| 2: [FieldDeclaration] String ; +# 153| -1: [TypeAccess] String +# 153| 3: [Method] invoke +#-----| 4: (Parameters) +# 153| 0: [Parameter] a0 +# 153| 5: [BlockStmt] { ... } +# 153| 0: [ReturnStmt] return ... +# 153| 0: [MethodAccess] extTakesOptionalParam(...) +# 153| -1: [ClassInstanceExpr] new (...) +# 153| -3: [TypeAccess] Object +# 153| 0: [VarAccess] this. +# 153| -1: [ThisAccess] this +# 153| 1: [VarAccess] a0 +# 153| -3: [TypeAccess] Function1 +# 153| 0: [TypeAccess] Integer +# 153| 1: [TypeAccess] Integer +# 153| 0: [VarAccess] s +# 154| 1: [ExprStmt] ; +# 154| 0: [MethodAccess] expectsOneParamAndExtension(...) +# 154| -1: [TypeAccess] ReflectionKt +# 154| 0: [StmtExpr] +# 154| 0: [BlockStmt] { ... } +# 154| 0: [LocalTypeDeclStmt] class ... +# 154| 0: [LocalClass] +# 154| 1: [Constructor] +# 154| 5: [BlockStmt] { ... } +# 154| 0: [SuperConstructorInvocationStmt] super(...) +# 154| 2: [Method] extTakesOptionalParam +# 154| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 154| 0: [Parameter] p0 +# 154| 0: [TypeAccess] String +# 154| 1: [Parameter] p1 +# 154| 0: [TypeAccess] int +# 154| 5: [BlockStmt] { ... } +# 154| 0: [ReturnStmt] return ... +# 154| 0: [MethodAccess] extTakesOptionalParam$default(...) +# 154| -1: [TypeAccess] ReflectionKt +# 154| 0: [VarAccess] p0 +# 154| 1: [VarAccess] p1 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 154| 1: [ExprStmt] ; +# 154| 0: [MemberRefExpr] ...::... +# 154| -4: [AnonymousClass] new Function2(...) { ... } +# 154| 1: [Constructor] +# 154| 5: [BlockStmt] { ... } +# 154| 0: [SuperConstructorInvocationStmt] super(...) +# 154| 0: [IntegerLiteral] 2 +# 154| 2: [Method] invoke +#-----| 4: (Parameters) +# 154| 0: [Parameter] a0 +# 154| 1: [Parameter] a1 +# 154| 5: [BlockStmt] { ... } +# 154| 0: [ReturnStmt] return ... +# 154| 0: [MethodAccess] extTakesOptionalParam(...) +# 154| -1: [ClassInstanceExpr] new (...) +# 154| -3: [TypeAccess] Object +# 154| 0: [VarAccess] a0 +# 154| 1: [VarAccess] a1 +# 154| -3: [TypeAccess] Function2 +# 154| 0: [TypeAccess] String +# 154| 1: [TypeAccess] Integer +# 154| 2: [TypeAccess] Integer +# 159| 22: [Method] expectsOneParamCons +# 159| 3: [TypeAccess] ConstructorOptional +#-----| 4: (Parameters) +# 159| 0: [Parameter] f +# 159| 0: [TypeAccess] Function1 +# 159| 0: [WildcardTypeAccess] ? ... +# 159| 1: [TypeAccess] Integer +# 159| 1: [TypeAccess] ConstructorOptional +# 159| 5: [BlockStmt] { ... } +# 159| 0: [ReturnStmt] return ... +# 159| 0: [MethodAccess] invoke(...) +# 159| -1: [VarAccess] f +# 159| 0: [IntegerLiteral] 0 +# 161| 23: [Method] constructorAdaptedParams +# 161| 3: [TypeAccess] Unit +# 161| 5: [BlockStmt] { ... } +# 162| 0: [ExprStmt] ; +# 162| 0: [ImplicitCoercionToUnitExpr] +# 162| 0: [TypeAccess] Unit +# 162| 1: [MethodAccess] expectsOneParamCons(...) +# 162| -1: [TypeAccess] ReflectionKt +# 162| 0: [StmtExpr] +# 162| 0: [BlockStmt] { ... } +# 162| 0: [LocalTypeDeclStmt] class ... +# 162| 0: [LocalClass] +# 162| 1: [Constructor] +# 162| 5: [BlockStmt] { ... } +# 162| 0: [SuperConstructorInvocationStmt] super(...) +# 162| 2: [Method] +# 162| 3: [TypeAccess] ConstructorOptional +#-----| 4: (Parameters) +# 162| 0: [Parameter] p0 +# 162| 0: [TypeAccess] int +# 162| 5: [BlockStmt] { ... } +# 162| 0: [ReturnStmt] return ... +# 162| 0: [ClassInstanceExpr] new ConstructorOptional(...) +# 162| -3: [TypeAccess] ConstructorOptional +# 162| 0: [VarAccess] p0 +# 1| 1: [IntegerLiteral] 0 +# 1| 2: [IntegerLiteral] 1 +# 1| 3: [NullLiteral] null +# 162| 1: [ExprStmt] ; +# 162| 0: [MemberRefExpr] ...::... +# 162| -4: [AnonymousClass] new Function1(...) { ... } +# 162| 1: [Constructor] +# 162| 5: [BlockStmt] { ... } +# 162| 0: [SuperConstructorInvocationStmt] super(...) +# 162| 0: [IntegerLiteral] 1 +# 162| 2: [Method] invoke +#-----| 4: (Parameters) +# 162| 0: [Parameter] a0 +# 162| 5: [BlockStmt] { ... } +# 162| 0: [ReturnStmt] return ... +# 162| 0: [MethodAccess] (...) +# 162| -1: [ClassInstanceExpr] new (...) +# 162| -3: [TypeAccess] Object +# 162| 0: [VarAccess] a0 +# 162| -3: [TypeAccess] Function1 +# 162| 0: [TypeAccess] Integer +# 162| 1: [TypeAccess] ConstructorOptional # 5| 2: [Class] Reflection # 5| 1: [Constructor] Reflection # 5| 5: [BlockStmt] { ... } @@ -296,6 +752,7 @@ reflection.kt: # 7| 1: [Constructor] # 7| 5: [BlockStmt] { ... } # 7| 0: [SuperConstructorInvocationStmt] super(...) +# 7| 0: [IntegerLiteral] 2 # 7| 2: [Method] invoke #-----| 4: (Parameters) # 7| 0: [Parameter] a0 @@ -362,6 +819,7 @@ reflection.kt: # 14| 0: [Parameter] # 14| 5: [BlockStmt] { ... } # 14| 0: [SuperConstructorInvocationStmt] super(...) +# 14| 0: [IntegerLiteral] 1 # 14| 1: [ExprStmt] ; # 14| 0: [AssignExpr] ...=... # 14| 0: [VarAccess] this. @@ -473,6 +931,7 @@ reflection.kt: # 21| 0: [Parameter] # 21| 5: [BlockStmt] { ... } # 21| 0: [SuperConstructorInvocationStmt] super(...) +# 21| 0: [IntegerLiteral] 2 # 21| 1: [ExprStmt] ; # 21| 0: [AssignExpr] ...=... # 21| 0: [VarAccess] this. @@ -678,6 +1137,7 @@ reflection.kt: # 60| 1: [Constructor] # 60| 5: [BlockStmt] { ... } # 60| 0: [SuperConstructorInvocationStmt] super(...) +# 60| 0: [IntegerLiteral] 2 # 60| 2: [Method] invoke #-----| 4: (Parameters) # 60| 0: [Parameter] a0 @@ -702,6 +1162,7 @@ reflection.kt: # 61| 0: [Parameter] # 61| 5: [BlockStmt] { ... } # 61| 0: [SuperConstructorInvocationStmt] super(...) +# 61| 0: [IntegerLiteral] 1 # 61| 1: [ExprStmt] ; # 61| 0: [AssignExpr] ...=... # 61| 0: [VarAccess] this. @@ -733,6 +1194,7 @@ reflection.kt: # 62| 1: [Constructor] # 62| 5: [BlockStmt] { ... } # 62| 0: [SuperConstructorInvocationStmt] super(...) +# 62| 0: [IntegerLiteral] 1 # 62| 2: [Method] invoke #-----| 4: (Parameters) # 62| 0: [Parameter] a0 @@ -756,6 +1218,7 @@ reflection.kt: # 63| 0: [Parameter] # 63| 5: [BlockStmt] { ... } # 63| 0: [SuperConstructorInvocationStmt] super(...) +# 63| 0: [IntegerLiteral] 0 # 63| 1: [ExprStmt] ; # 63| 0: [AssignExpr] ...=... # 63| 0: [VarAccess] this. @@ -785,6 +1248,7 @@ reflection.kt: # 64| 1: [Constructor] # 64| 5: [BlockStmt] { ... } # 64| 0: [SuperConstructorInvocationStmt] super(...) +# 64| 0: [IntegerLiteral] 1 # 64| 2: [Method] invoke #-----| 4: (Parameters) # 64| 0: [Parameter] a0 @@ -807,6 +1271,7 @@ reflection.kt: # 65| 0: [Parameter] # 65| 5: [BlockStmt] { ... } # 65| 0: [SuperConstructorInvocationStmt] super(...) +# 65| 0: [IntegerLiteral] 0 # 65| 1: [ExprStmt] ; # 65| 0: [AssignExpr] ...=... # 65| 0: [VarAccess] this. @@ -1077,6 +1542,7 @@ reflection.kt: # 90| 0: [Parameter] # 90| 5: [BlockStmt] { ... } # 90| 0: [SuperConstructorInvocationStmt] super(...) +# 90| 0: [IntegerLiteral] 1 # 90| 1: [ExprStmt] ; # 90| 0: [AssignExpr] ...=... # 90| 0: [VarAccess] this. @@ -1210,6 +1676,7 @@ reflection.kt: # 116| 1: [Constructor] # 116| 5: [BlockStmt] { ... } # 116| 0: [SuperConstructorInvocationStmt] super(...) +# 116| 0: [IntegerLiteral] 1 # 116| 2: [Method] invoke #-----| 4: (Parameters) # 116| 0: [Parameter] a0 @@ -1222,3 +1689,83 @@ reflection.kt: # 116| -3: [TypeAccess] Function1 # 116| 0: [TypeAccess] Integer # 116| 1: [TypeAccess] Unit +# 139| 9: [Class] MemberOptionalsTest +# 139| 1: [Constructor] MemberOptionalsTest +# 139| 5: [BlockStmt] { ... } +# 139| 0: [SuperConstructorInvocationStmt] super(...) +# 139| 1: [BlockStmt] { ... } +# 140| 2: [Method] takesOptionalParam +# 140| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 140| 0: [Parameter] x +# 140| 0: [TypeAccess] int +# 140| 1: [Parameter] y +# 140| 0: [TypeAccess] int +# 140| 5: [BlockStmt] { ... } +# 140| 0: [ReturnStmt] return ... +# 140| 0: [AddExpr] ... + ... +# 140| 0: [VarAccess] x +# 140| 1: [VarAccess] y +# 140| 3: [Method] takesOptionalParam$default +# 140| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 140| 0: [Parameter] p0 +# 140| 0: [TypeAccess] MemberOptionalsTest +# 140| 1: [Parameter] p1 +# 140| 0: [TypeAccess] int +# 140| 2: [Parameter] p2 +# 140| 0: [TypeAccess] int +# 140| 3: [Parameter] p3 +# 140| 0: [TypeAccess] int +# 140| 4: [Parameter] p4 +# 140| 0: [TypeAccess] Object +# 140| 5: [BlockStmt] { ... } +# 140| 0: [IfStmt] if (...) +# 140| 0: [EQExpr] ... == ... +# 140| 0: [AndBitwiseExpr] ... & ... +# 140| 0: [IntegerLiteral] 2 +# 140| 1: [VarAccess] p3 +# 140| 1: [IntegerLiteral] 0 +# 140| 1: [ExprStmt] ; +# 140| 0: [AssignExpr] ...=... +# 140| 0: [VarAccess] p2 +# 140| 1: [IntegerLiteral] 0 +# 140| 1: [ReturnStmt] return ... +# 140| 0: [MethodAccess] takesOptionalParam(...) +# 140| -1: [VarAccess] p0 +# 140| 0: [VarAccess] p1 +# 140| 1: [VarAccess] p2 +# 157| 10: [Class] ConstructorOptional +# 157| 1: [Constructor] ConstructorOptional +#-----| 4: (Parameters) +# 157| 0: [Parameter] x +# 157| 0: [TypeAccess] int +# 157| 1: [Parameter] y +# 157| 0: [TypeAccess] int +# 157| 5: [BlockStmt] { ... } +# 157| 0: [SuperConstructorInvocationStmt] super(...) +# 157| 1: [BlockStmt] { ... } +# 157| 2: [Constructor] ConstructorOptional +#-----| 4: (Parameters) +# 157| 0: [Parameter] p0 +# 157| 0: [TypeAccess] int +# 157| 1: [Parameter] p1 +# 157| 0: [TypeAccess] int +# 157| 2: [Parameter] p2 +# 157| 0: [TypeAccess] int +# 157| 3: [Parameter] p3 +# 157| 0: [TypeAccess] DefaultConstructorMarker +# 157| 5: [BlockStmt] { ... } +# 157| 0: [IfStmt] if (...) +# 157| 0: [EQExpr] ... == ... +# 157| 0: [AndBitwiseExpr] ... & ... +# 157| 0: [IntegerLiteral] 2 +# 157| 1: [VarAccess] p2 +# 157| 1: [IntegerLiteral] 0 +# 157| 1: [ExprStmt] ; +# 157| 0: [AssignExpr] ...=... +# 157| 0: [VarAccess] p1 +# 157| 1: [IntegerLiteral] 0 +# 157| 1: [ThisConstructorInvocationStmt] this(...) +# 157| 0: [VarAccess] p0 +# 157| 1: [VarAccess] p1 diff --git a/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.expected b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql new file mode 100644 index 00000000000..854bfbc5af4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql @@ -0,0 +1,9 @@ +import java + +from Call call, Callable callable, int argCount, int paramCount +where + call.getCallee() = callable and + argCount = count(call.getAnArgument()) and + paramCount = count(callable.getAParameter()) and + argCount != paramCount +select "Call should have " + paramCount + " arguments but actually has " + argCount, call, callable diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.expected b/java/ql/test/kotlin/library-tests/reflection/reflection.expected index 12bbfb4db98..df62f83bac2 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.expected +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.expected @@ -2,21 +2,21 @@ variableInitializerType | reflection.kt:7:9:7:54 | KFunction ref | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:7:49:7:54 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:7:9:7:54 | KFunction ref | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:7:49:7:54 | new Function2(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///KProperty1.class:0:0:0:0 | KProperty1 | true | -| reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///PropertyReference1.class:0:0:0:0 | PropertyReference1 | true | +| reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:13:9:13:53 | Getter x3 | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///Function1.class:0:0:0:0 | Function1 | true | | reflection.kt:13:9:13:53 | Getter x3 | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty$Getter.class:0:0:0:0 | Getter | true | | reflection.kt:14:9:14:44 | KFunction x4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:14:38:14:44 | new Function1(...) { ... } | file:///Function1.class:0:0:0:0 | Function1 | true | | reflection.kt:14:9:14:44 | KFunction x4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:14:38:14:44 | new Function1(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///KProperty0.class:0:0:0:0 | KProperty0 | true | -| reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///PropertyReference0.class:0:0:0:0 | PropertyReference0 | true | +| reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | true | -| reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///MutablePropertyReference1.class:0:0:0:0 | MutablePropertyReference1 | true | +| reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:20:9:20:60 | Setter y3 | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:20:9:20:60 | Setter y3 | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty$Setter.class:0:0:0:0 | Setter | true | | reflection.kt:21:9:21:50 | KFunction y4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:21:44:21:50 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:21:9:21:50 | KFunction y4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:21:44:21:50 | new Function2(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | true | -| reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///MutablePropertyReference0.class:0:0:0:0 | MutablePropertyReference0 | true | +| reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:24:9:24:91 | KProperty2 prop | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:24:9:24:91 | KProperty2 prop | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty.class:0:0:0:0 | KProperty | true | | reflection.kt:116:9:116:44 | KFunction x | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:116:40:116:44 | new Function1(...) { ... } | file:///Function1.class:0:0:0:0 | Function1 | true | @@ -51,7 +51,13 @@ functionReferences | reflection.kt:98:14:98:17 | ...::... | reflection.kt:98:14:98:17 | invoke | reflection.kt:94:1:94:24 | fn | | reflection.kt:99:14:99:29 | ...::... | reflection.kt:99:14:99:29 | invoke | file:///Class2$Inner.class:0:0:0:0 | Inner | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | invoke | reflection.kt:115:9:115:27 | fn1 | -| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | reflection.kt:121:1:121:13 | fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1 | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | takesOptionalParam | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | takesOptionalParam | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | takesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | extTakesOptionalParam | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | extTakesOptionalParam | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | | propertyGetReferences | reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | get | reflection.kt:33:9:33:23 | getP0 | | reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | get | reflection.kt:33:9:33:23 | getP0 | @@ -115,7 +121,20 @@ callsInsideInvocationMethods | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | set | reflection.kt:109:17:109:27 | setProp1(...) | Base1.setProp1 | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | new Function1(...) { ... } | reflection.kt:116:40:116:44 | invoke | reflection.kt:116:40:116:44 | fn1(...) | LocalFn$.fn1 | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | new Function1(...) { ... } | reflection.kt:116:40:116:44 | invoke | reflection.kt:116:40:116:44 | new (...) | LocalFn$. | -| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1(...) | ReflectionKt.fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1(...) | ReflectionKt$.fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | new (...) | ReflectionKt$. | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | new Function1(...) { ... } | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | new (...) | ReflectionKt$. | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | new Function1(...) { ... } | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | new (...) | ReflectionKt$. | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | new Function2(...) { ... } | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | new (...) | ReflectionKt$. | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | new Function2(...) { ... } | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | extTakesOptionalParam(...) | ReflectionKt$.extTakesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | new (...) | ReflectionKt$. | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | new Function2(...) { ... } | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | extTakesOptionalParam(...) | ReflectionKt$.extTakesOptionalParam | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | new Function2(...) { ... } | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | new (...) | ReflectionKt$. | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | new Function1(...) { ... } | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | (...) | ReflectionKt$. | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | new Function1(...) { ... } | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | new (...) | ReflectionKt$. | fieldAccessInsideInvocationMethods | reflection.kt:14:38:14:44 | ...::... | reflection.kt:14:38:14:44 | new Function1(...) { ... } | reflection.kt:14:38:14:44 | invoke | reflection.kt:14:38:14:44 | this. | | reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | reflection.kt:15:35:15:41 | get | reflection.kt:15:35:15:41 | this. | @@ -138,6 +157,8 @@ fieldAccessInsideInvocationMethods | reflection.kt:99:14:99:29 | ...::... | reflection.kt:99:14:99:29 | new Function1>(...) { ... } | reflection.kt:99:14:99:29 | invoke | reflection.kt:99:14:99:29 | this. | | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | get | reflection.kt:109:17:109:27 | this. | | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | set | reflection.kt:109:17:109:27 | this. | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | this. | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | this. | modifiers | reflection.kt:7:49:7:54 | ...::... | reflection.kt:7:49:7:54 | invoke | override | | reflection.kt:7:49:7:54 | ...::... | reflection.kt:7:49:7:54 | invoke | public | @@ -229,10 +250,23 @@ modifiers | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | invoke | public | | reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | override | | reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | public | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | override | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | public | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | override | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | public | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | override | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | public | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | override | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | public | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | override | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | public | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | override | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | public | compGenerated | file:///Class2.class:0:0:0:0 | getValue | 3 | | file:///Class2.class:0:0:0:0 | getValue | 3 | | file:///KTypeProjection.class:0:0:0:0 | contravariant | 8 | +| file:///KTypeProjection.class:0:0:0:0 | copy$default | 10 | | file:///KTypeProjection.class:0:0:0:0 | covariant | 8 | | file:///KTypeProjection.class:0:0:0:0 | invariant | 8 | | reflection.kt:33:9:33:23 | getP0 | 3 | @@ -242,3 +276,261 @@ compGenerated | reflection.kt:105:18:105:31 | getProp1 | 3 | | reflection.kt:105:18:105:31 | setProp1 | 3 | | reflection.kt:126:9:126:13 | | 1 | +| reflection.kt:131:1:131:50 | takesOptionalParam$default | 10 | +| reflection.kt:134:21:134:40 | | 1 | +| reflection.kt:140:5:140:54 | takesOptionalParam$default | 10 | +| reflection.kt:144:21:144:41 | | 1 | +| reflection.kt:145:32:145:70 | | 1 | +| reflection.kt:150:1:150:60 | extTakesOptionalParam$default | 10 | +| reflection.kt:153:21:153:44 | | 1 | +| reflection.kt:154:33:154:61 | | 1 | +| reflection.kt:157:1:157:49 | ConstructorOptional | 10 | +| reflection.kt:162:25:162:45 | | 1 | +propertyReferenceOverrides +| reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | get | kotlin.reflect.KProperty1.get(Reflection.C) | +| reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | invoke | kotlin.jvm.functions.Function1.invoke(Reflection.C) | +| reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:17:45:17:49 | ...::... | reflection.kt:17:45:17:49 | get | kotlin.reflect.KProperty1.get(Reflection.C) | +| reflection.kt:17:45:17:49 | ...::... | reflection.kt:17:45:17:49 | invoke | kotlin.jvm.functions.Function1.invoke(Reflection.C) | +| reflection.kt:22:42:22:48 | ...::... | reflection.kt:22:42:22:48 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:22:42:22:48 | ...::... | reflection.kt:22:42:22:48 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:50:13:50:28 | ...::... | reflection.kt:50:13:50:28 | get | kotlin.reflect.KProperty1.get(java.lang.String) | +| reflection.kt:50:13:50:28 | ...::... | reflection.kt:50:13:50:28 | invoke | kotlin.jvm.functions.Function1.invoke(java.lang.String) | +| reflection.kt:51:13:51:28 | ...::... | reflection.kt:51:13:51:28 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:51:13:51:28 | ...::... | reflection.kt:51:13:51:28 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | get | kotlin.reflect.KProperty1,Integer>.get(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | invoke | kotlin.jvm.functions.Function1,Integer>.invoke(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | set | kotlin.reflect.KMutableProperty1,Integer>.set(Class1.Generic,java.lang.Integer) | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | set | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:70:17:70:30 | ...::... | reflection.kt:70:17:70:30 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:70:17:70:30 | ...::... | reflection.kt:70:17:70:30 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:71:17:71:34 | ...::... | reflection.kt:71:17:71:34 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:71:17:71:34 | ...::... | reflection.kt:71:17:71:34 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:72:17:72:35 | ...::... | reflection.kt:72:17:72:35 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:72:17:72:35 | ...::... | reflection.kt:72:17:72:35 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | invoke | kotlin.jvm.functions.Function0.invoke() | +notImplementedInterfaceMembers +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty1.getDelegate(Reflection.C) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty1.getSetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty1.set(Reflection.C,java.lang.Integer) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty1.getDelegate(Reflection.C) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty1.getDelegate(java.lang.String) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KMutableProperty1,Integer>.getSetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty1,Integer>.getDelegate(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty1,Integer>.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.getGetter() | diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.kt b/java/ql/test/kotlin/library-tests/reflection/reflection.kt index 1e3d8555400..9d9c74835d9 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.kt +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.kt @@ -124,4 +124,40 @@ fun fn2(f: () -> Unit) = f() fun adapted() { fn2(::fn1) -} \ No newline at end of file +} + +fun expectsOneParam(f: (Int) -> Int) = f(0) + +fun takesOptionalParam(x: Int, y: Int = 0) = x + y + +fun adaptedParams() { + expectsOneParam(::takesOptionalParam) +} + +fun expectsOneParamAndReceiver(f: (MemberOptionalsTest, Int) -> Int) { } + +class MemberOptionalsTest { + fun takesOptionalParam(x: Int, y: Int = 0) = x + y +} + +fun memberAdaptedParams(m: MemberOptionalsTest) { + expectsOneParam(m::takesOptionalParam) + expectsOneParamAndReceiver(MemberOptionalsTest::takesOptionalParam) +} + +fun expectsOneParamAndExtension(f: (String, Int) -> Int) { } + +fun String.extTakesOptionalParam(x: Int, y: Int = 0) = x + y + +fun extensionAdaptedParams(s: String) { + expectsOneParam(s::extTakesOptionalParam) + expectsOneParamAndExtension(String::extTakesOptionalParam) +} + +class ConstructorOptional(x: Int, y: Int = 0) { } + +fun expectsOneParamCons(f: (Int) -> ConstructorOptional) = f(0) + +fun constructorAdaptedParams() { + expectsOneParamCons(::ConstructorOptional) +} diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.ql b/java/ql/test/kotlin/library-tests/reflection/reflection.ql index 98b6964af3b..09256d22a85 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.ql +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.ql @@ -87,3 +87,24 @@ query predicate modifiers(ClassInstanceExpr e, Method m, string modifier) { } query predicate compGenerated(Element e, int i) { compiler_generated(e, i) } + +query predicate propertyReferenceOverrides(PropertyRefExpr e, Method m, string overridden) { + e.getAnonymousClass().getAMember() = m and + exists(Method n | + m.overrides(n) and + overridden = n.getDeclaringType().getQualifiedName() + "." + n.getSignature() + ) +} + +query predicate notImplementedInterfaceMembers(PropertyRefExpr e, string interfaceMember) { + exists(Interface i, Method interfaceMethod | + e.getAnonymousClass().extendsOrImplements+(i) and + i.getAMethod() = interfaceMethod and + interfaceMember = i.getQualifiedName() + "." + interfaceMethod.getSignature() and + not exists(Class c, Method classMethod | + e.getAnonymousClass().extendsOrImplements*(c) and + c.getAMethod() = classMethod and + classMethod.overrides(interfaceMethod) + ) + ) +} diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref new file mode 100644 index 00000000000..4fc71295c2c --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref @@ -0,0 +1 @@ +Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt new file mode 100644 index 00000000000..e8ead8d323e --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt @@ -0,0 +1,9 @@ +class C { + var p: Int + get() = 1 + set(value) {} + fun fn() { + val prop = C::p + prop(this) + } +} diff --git a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.expected b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.qlref b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.qlref new file mode 100644 index 00000000000..6452bb942d2 --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.qlref @@ -0,0 +1 @@ +Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql diff --git a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposesRep.kt b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposesRep.kt new file mode 100644 index 00000000000..04d8f8f588d --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposesRep.kt @@ -0,0 +1,3 @@ +class ExposesRep { + val strings: Array = arrayOfNulls(1) +} diff --git a/java/ql/test/kotlin/query-tests/ExposeRepresentation/User.kt b/java/ql/test/kotlin/query-tests/ExposeRepresentation/User.kt new file mode 100644 index 00000000000..aac812be0d0 --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/User.kt @@ -0,0 +1,5 @@ +class User { + fun test1(er: ExposesRep) { + er.strings[0] = "Hello world" + } +} diff --git a/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt b/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt index 7e8fa2619e2..f6252b5d3f2 100644 --- a/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt +++ b/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt @@ -5,3 +5,9 @@ data class E(val x: Int) { return (other as? E)?.x == this.x } } + +data class F(val x: Int) { + override fun equals(other: Any?): Boolean { + return other != null && other::class == this::class + } +} diff --git a/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt b/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt index b98ebcdf43e..138309dc9de 100644 --- a/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt +++ b/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt @@ -9,3 +9,10 @@ fun fn(x:Any?, y: Any?) { println("y not null") } } + +fun fn0(o: Any?) { + if (o != null) { + o?.toString() + o.toString() + } +} diff --git a/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected b/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected index e69de29bb2d..5cb1138d992 100644 --- a/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected +++ b/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected @@ -0,0 +1 @@ +| Test.kt:15:12:15:21 | ... (value equals) ... | This check is useless. $@ cannot be null at this check, since it is guarded by $@. | Test.kt:15:9:15:9 | tmp0_safe_receiver | tmp0_safe_receiver | Test.kt:14:9:14:17 | ... (value not-equals) ... | ... (value not-equals) ... | diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt index f476eba616c..8675f01bf58 100644 --- a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt +++ b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt @@ -7,3 +7,5 @@ class B : A { println("a") } } + +fun fn(a: Int = 10) {} diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected index e69de29bb2d..106448e7ed7 100644 --- a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected +++ b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected @@ -0,0 +1 @@ +| Test.kt:11:8:11:18 | a | The parameter 'a' is never used. | diff --git a/java/ql/test/library-tests/dataflow/stream-collect/A.java b/java/ql/test/library-tests/dataflow/stream-collect/A.java new file mode 100644 index 00000000000..9fff4598fa6 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/stream-collect/A.java @@ -0,0 +1,30 @@ +import java.util.*; +import java.util.stream.*; + +public class A { + String source() { return "source"; } + + void sink(Object o) { } + + void m() { + String[] xs = new String[] { source() }; + Stream s = Arrays.stream(xs); + + sink(s.collect(Collectors.maxBy(null)).get()); // $ hasValueFlow + sink(s.collect(Collectors.minBy(null)).get()); // $ hasValueFlow + sink(s.collect(Collectors.toCollection(null)).iterator().next()); // $ hasValueFlow + sink(s.collect(Collectors.toList()).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.toSet()).iterator().next()); // $ hasValueFlow + sink(s.collect(Collectors.toUnmodifiableList()).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.toUnmodifiableSet()).iterator().next()); // $ hasValueFlow + + // we don't attempt to cover weird things like this: + sink(s.collect(true ? Collectors.toList() : null).get(0)); // $ MISSING: hasValueFlow + + sink(s.collect(Collectors.joining())); // $ hasTaintFlow + + sink(s.collect(Collectors.groupingBy(null)).get(null).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.groupingByConcurrent(null)).get(null).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.partitioningBy(null)).get(null).get(0)); // $ hasValueFlow + } +} diff --git a/java/ql/test/library-tests/dataflow/stream-collect/test.expected b/java/ql/test/library-tests/dataflow/stream-collect/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/dataflow/stream-collect/test.ql b/java/ql/test/library-tests/dataflow/stream-collect/test.ql new file mode 100644 index 00000000000..c4b63c87071 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/stream-collect/test.ql @@ -0,0 +1 @@ +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/library-tests/dataflow/synth-global/A.java b/java/ql/test/library-tests/dataflow/synth-global/A.java new file mode 100644 index 00000000000..05657d9d9c8 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/A.java @@ -0,0 +1,25 @@ +package my.qltest.synth; + +public class A { + void storeInArray(String x) { } + void storeTaintInArray(String x) { } + void storeValue(String x) { } + + String readValue() { return null; } + String readArray() { return null; } + + String source(String tag) { return "tainted"; } + + void sink(Object o) { } + + void stores() { + storeInArray(source("A")); + storeTaintInArray(source("B")); + storeValue(source("C")); + } + + void reads() { + sink(readValue()); // $ hasValueFlow=C + sink(readArray()); // $ hasValueFlow=A hasTaintFlow=B hasTaintFlow=C + } +} diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.expected b/java/ql/test/library-tests/dataflow/synth-global/test.expected new file mode 100644 index 00000000000..81332464f79 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/test.expected @@ -0,0 +1,2 @@ +failures +invalidModelRow diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.ql b/java/ql/test/library-tests/dataflow/synth-global/test.ql new file mode 100644 index 00000000000..47a1573865c --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/test.ql @@ -0,0 +1,16 @@ +import java +import TestUtilities.InlineFlowTest +import CsvValidation + +class SummaryModelTest extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "my.qltest.synth;A;false;storeInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;value;manual", + "my.qltest.synth;A;false;storeTaintInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;taint;manual", + "my.qltest.synth;A;false;storeValue;(String);;Argument[0];SyntheticGlobal[db1];value;manual", + "my.qltest.synth;A;false;readValue;();;SyntheticGlobal[db1];ReturnValue;value;manual", + "my.qltest.synth;A;false;readArray;();;SyntheticGlobal[db1].ArrayElement;ReturnValue;value;manual", + ] + } +} diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected index cdd00c02fef..1c0986ada31 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected +++ b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected @@ -14,7 +14,7 @@ nodes | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | semmle.label | getParameter(...) : String | subpaths #select -| UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | Potentially untrusted URL redirection due to $@. | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) | user-provided value | -| UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | Potentially untrusted URL redirection due to $@. | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) | user-provided value | -| UrlRedirectJax.java:10:24:10:62 | new URI(...) | UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | Potentially untrusted URL redirection due to $@. | UrlRedirectJax.java:10:32:10:61 | getParameter(...) | user-provided value | -| UrlRedirectJax.java:13:33:13:71 | new URI(...) | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | Potentially untrusted URL redirection due to $@. | UrlRedirectJax.java:13:41:13:70 | getParameter(...) | user-provided value | +| UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) | user-provided value | +| UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) | user-provided value | +| UrlRedirectJax.java:10:24:10:62 | new URI(...) | UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:10:32:10:61 | getParameter(...) | user-provided value | +| UrlRedirectJax.java:13:33:13:71 | new URI(...) | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:13:41:13:70 | getParameter(...) | user-provided value | diff --git a/java/ql/test/library-tests/frameworks/android/intent/AndroidManifest.xml b/java/ql/test/library-tests/frameworks/android/intent/AndroidManifest.xml index 0be6a0ae8f8..0b7cc21200b 100644 --- a/java/ql/test/library-tests/frameworks/android/intent/AndroidManifest.xml +++ b/java/ql/test/library-tests/frameworks/android/intent/AndroidManifest.xml @@ -18,5 +18,30 @@ android:exported="false"> + + + + + + + + + + + + + + + diff --git a/java/ql/test/library-tests/frameworks/android/intent/TestStartActivityToGetIntent.java b/java/ql/test/library-tests/frameworks/android/intent/TestStartActivityToGetIntent.java index 3d497aac93d..35884a23a58 100644 --- a/java/ql/test/library-tests/frameworks/android/intent/TestStartActivityToGetIntent.java +++ b/java/ql/test/library-tests/frameworks/android/intent/TestStartActivityToGetIntent.java @@ -4,22 +4,90 @@ import android.content.Intent; public class TestStartActivityToGetIntent { - static Object source() { + static Object source(String kind) { return null; } static void sink(Object sink) {} - public void test(Context ctx) { - Intent intent = new Intent(null, SomeActivity.class); - intent.putExtra("data", (String) source()); - ctx.startActivity(intent); + public void test(Context ctx, Activity act) { + + // test all methods that start an activity + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("ctx-start")); + ctx.startActivity(intent); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("ctx-start-acts")); + Intent[] intents = new Intent[] {intent}; + ctx.startActivities(intents); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("act-start")); + act.startActivity(intent); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("act-start-acts")); + Intent[] intents = new Intent[] {intent}; + act.startActivities(intents); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("start-for-result")); + act.startActivityForResult(intent, 0); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("start-if-needed")); + act.startActivityIfNeeded(intent, 0); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("start-matching")); + act.startNextMatchingActivity(intent); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("start-from-child")); + act.startActivityFromChild(null, intent, 0); + } + { + Intent intent = new Intent(null, SomeActivity.class); + intent.putExtra("data", (String) source("start-from-frag")); + act.startActivityFromFragment(null, intent, 0); + } + + // test 4-arg Intent constructor + { + Intent intent = new Intent(null, null, null, SomeActivity.class); + intent.putExtra("data", (String) source("4-arg")); + ctx.startActivity(intent); + } + + // safe test + { + Intent intent = new Intent(null, SafeActivity.class); + intent.putExtra("data", "safe"); + ctx.startActivity(intent); + } } static class SomeActivity extends Activity { public void test() { - sink(getIntent().getStringExtra("data")); // $ hasValueFlow + sink(getIntent().getStringExtra("data")); // $ hasValueFlow=ctx-start hasValueFlow=act-start hasValueFlow=start-for-result hasValueFlow=start-if-needed hasValueFlow=start-matching hasValueFlow=start-from-child hasValueFlow=start-from-frag hasValueFlow=4-arg MISSING: hasValueFlow=ctx-start-acts hasValueFlow=act-start-acts + } + + } + + static class SafeActivity extends Activity { + + public void test() { + sink(getIntent().getStringExtra("data")); // Safe } } } diff --git a/java/ql/test/library-tests/frameworks/android/intent/TestStartBroadcastReceiverToIntent.java b/java/ql/test/library-tests/frameworks/android/intent/TestStartBroadcastReceiverToIntent.java new file mode 100644 index 00000000000..f317b3ed2e8 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/android/intent/TestStartBroadcastReceiverToIntent.java @@ -0,0 +1,93 @@ +import android.content.BroadcastReceiver; +import android.content.Context; +import android.content.Intent; + +public class TestStartBroadcastReceiverToIntent { + + static Object source(String kind) { + return null; + } + + static void sink(Object sink) {} + + public void test(Context ctx) { + + // test all methods that send a broadcast + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send")); + ctx.sendBroadcast(intent); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-as-user")); + ctx.sendBroadcastAsUser(intent, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-with-perm")); + ctx.sendBroadcastWithMultiplePermissions(intent, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-ordered")); + ctx.sendOrderedBroadcast(intent, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-ordered-as-user")); + ctx.sendOrderedBroadcastAsUser(intent, null, null, null, null, 0, null, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-sticky")); + ctx.sendStickyBroadcast(intent); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-sticky-as-user")); + ctx.sendStickyBroadcastAsUser(intent, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-sticky-ordered")); + ctx.sendStickyOrderedBroadcast(intent, null, null, 0, null, null); + } + { + Intent intent = new Intent(null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("send-sticky-ordered-as-user")); + ctx.sendStickyOrderedBroadcastAsUser(intent, null, null, null, 0, null, null); + } + + // test 4-arg Intent constructor + { + Intent intent = new Intent(null, null, null, SomeBroadcastReceiver.class); + intent.putExtra("data", (String) source("4-arg")); + ctx.sendBroadcast(intent); + } + + // safe test + { + Intent intent = new Intent(null, SafeBroadcastReceiver.class); + intent.putExtra("data", "safe"); + ctx.sendBroadcast(intent); + } + } + + static class SomeBroadcastReceiver extends BroadcastReceiver { + + // test method that receives an Intent as a parameter + @Override + public void onReceive(Context context, Intent intent) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=send hasValueFlow=send-as-user hasValueFlow=send-with-perm hasValueFlow=send-ordered hasValueFlow=send-ordered-as-user hasValueFlow=send-sticky hasValueFlow=send-sticky-as-user hasValueFlow=send-sticky-ordered hasValueFlow=send-sticky-ordered-as-user hasValueFlow=4-arg + } + } + + static class SafeBroadcastReceiver extends BroadcastReceiver { + + @Override + public void onReceive(Context context, Intent intent) { + sink(intent.getStringExtra("data")); // Safe + } + } +} diff --git a/java/ql/test/library-tests/frameworks/android/intent/TestStartServiceToIntent.java b/java/ql/test/library-tests/frameworks/android/intent/TestStartServiceToIntent.java new file mode 100644 index 00000000000..98404eed1b7 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/android/intent/TestStartServiceToIntent.java @@ -0,0 +1,130 @@ +import android.app.Service; +import android.os.IBinder; +import android.content.Context; +import android.content.Intent; + +public class TestStartServiceToIntent { + + static Object source(String kind) { + return null; + } + + static void sink(Object sink) {} + + public void test(Context ctx) { + + // test all methods that start a service + { + Intent intent = new Intent(null, SomeService.class); + intent.putExtra("data", (String) source("bind")); + ctx.bindService(intent, null, 0); + } + { + Intent intent = new Intent(null, SomeService.class); + intent.putExtra("data", (String) source("bind-as-user")); + ctx.bindServiceAsUser(intent, null, 0, null); + } + { + Intent intent = new Intent(null, SomeService.class); + intent.putExtra("data", (String) source("bind-isolated")); + ctx.bindIsolatedService(intent, 0, null, null, null); + } + { + Intent intent = new Intent(null, SomeService.class); + intent.putExtra("data", (String) source("start")); + ctx.startService(intent); + } + { + Intent intent = new Intent(null, SomeService.class); + intent.putExtra("data", (String) source("start-foreground")); + ctx.startForegroundService(intent); + } + + // test 4-arg Intent constructor + { + Intent intent = new Intent(null, null, null, SomeService.class); + intent.putExtra("data", (String) source("4-arg")); + ctx.startService(intent); + } + + // safe test + { + Intent intent = new Intent(null, SafeService.class); + intent.putExtra("data", "safe"); + ctx.startService(intent); + } + } + + static class SomeService extends Service { + + // test methods that receive an Intent as a parameter + @Override + public void onStart(Intent intent, int startId) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + } + + @Override + public int onStartCommand(Intent intent, int flags, int startId) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + return -1; + } + + @Override + public IBinder onBind(Intent intent) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + return null; + } + + @Override + public boolean onUnbind(Intent intent) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + return false; + } + + @Override + public void onRebind(Intent intent) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + } + + @Override + public void onTaskRemoved(Intent intent) { + sink(intent.getStringExtra("data")); // $ hasValueFlow=bind hasValueFlow=bind-as-user hasValueFlow=bind-isolated hasValueFlow=start hasValueFlow=start-foreground hasValueFlow=4-arg + } + } + + static class SafeService extends Service { + + @Override + public void onStart(Intent intent, int startId) { + sink(intent.getStringExtra("data")); // Safe + } + + @Override + public int onStartCommand(Intent intent, int flags, int startId) { + sink(intent.getStringExtra("data")); // Safe + return -1; + } + + @Override + public IBinder onBind(Intent intent) { + sink(intent.getStringExtra("data")); // Safe + return null; + } + + @Override + public boolean onUnbind(Intent intent) { + sink(intent.getStringExtra("data")); // Safe + return false; + } + + @Override + public void onRebind(Intent intent) { + sink(intent.getStringExtra("data")); // Safe + } + + @Override + public void onTaskRemoved(Intent intent) { + sink(intent.getStringExtra("data")); // Safe + } + } +} diff --git a/java/ql/test/library-tests/pathsanitizer/Test.java b/java/ql/test/library-tests/pathsanitizer/Test.java new file mode 100644 index 00000000000..27a15d867ce --- /dev/null +++ b/java/ql/test/library-tests/pathsanitizer/Test.java @@ -0,0 +1,459 @@ +import java.io.File; +import java.net.URI; +import java.nio.file.Path; +import java.nio.file.Paths; +import android.net.Uri; + +public class Test { + + Object source() { + return null; + } + + void sink(Object o) {} + + private void exactPathMatchGuardValidation(String path) throws Exception { + if (!path.equals("/safe/path")) + throw new Exception(); + } + + public void exactPathMatchGuard() throws Exception { + { + String source = (String) source(); + if (source.equals("/safe/path")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + URI source = (URI) source(); + if (source.equals(new URI("http://safe/uri"))) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + File source = (File) source(); + if (source.equals(new File("/safe/file"))) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + Uri source = (Uri) source(); + if (source.equals(Uri.parse("http://safe/uri"))) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + exactPathMatchGuardValidation(source); + sink(source); // Safe + } + } + + private void allowListGuardValidation(String path) throws Exception { + if (path.contains("..") || !path.startsWith("/safe")) + throw new Exception(); + } + + public void allowListGuard() throws Exception { + // Prefix check by itself is not enough + { + String source = (String) source(); + if (source.startsWith("/safe")) { + sink(source); // $ hasTaintFlow + } else + sink(source); // $ hasTaintFlow + } + // PathTraversalGuard + allowListGuard + { + String source = (String) source(); + if (!source.contains("..") && source.startsWith("/safe")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.indexOf("..") == -1 && source.startsWith("/safe")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.lastIndexOf("..") == -1 && source.startsWith("/safe")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + // PathTraversalSanitizer + allowListGuard + { + File source = (File) source(); + String normalized = source.getCanonicalPath(); + if (normalized.startsWith("/safe")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + File source = (File) source(); + String normalized = source.getCanonicalFile().toString(); + if (normalized.startsWith("/safe")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + Path normalized = Paths.get(source).normalize(); + if (normalized.startsWith("/safe")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.startsWith("/safe")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.regionMatches(0, "/safe", 0, 5)) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.matches("/safe/.*")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + // validation method + { + String source = (String) source(); + allowListGuardValidation(source); + sink(source); // Safe + } + // PathInjectionSanitizer + partial string match is considered unsafe + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.contains("/safe")) { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.regionMatches(1, "/safe", 0, 5)) { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (normalized.matches(".*/safe/.*")) { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + } + + private void dotDotCheckGuardValidation(String path) throws Exception { + if (!path.startsWith("/safe") || path.contains("..")) + throw new Exception(); + } + + public void dotDotCheckGuard() throws Exception { + // dot dot check by itself is not enough + { + String source = (String) source(); + if (!source.contains("..")) { + sink(source); // $ hasTaintFlow + } else + sink(source); // $ hasTaintFlow + } + // allowListGuard + dotDotCheckGuard + { + String source = (String) source(); + if (source.startsWith("/safe") && !source.contains("..")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.startsWith("/safe") && source.indexOf("..") == -1) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (!source.startsWith("/safe") || source.indexOf("..") != -1) + sink(source); // $ hasTaintFlow + else + sink(source); // Safe + } + { + String source = (String) source(); + if (source.startsWith("/safe") && source.lastIndexOf("..") == -1) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + // blockListGuard + dotDotCheckGuard + { + String source = (String) source(); + if (!source.startsWith("/data") && !source.contains("..")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (!source.startsWith("/data") && source.indexOf("..") == -1) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.startsWith("/data") || source.indexOf("..") != -1) + sink(source); // $ hasTaintFlow + else + sink(source); // Safe + } + { + String source = (String) source(); + if (!source.startsWith("/data") && source.lastIndexOf("..") == -1) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + // validation method + { + String source = (String) source(); + dotDotCheckGuardValidation(source); + sink(source); // Safe + } + } + + private void blockListGuardValidation(String path) throws Exception { + if (path.contains("..") || !path.startsWith("/data")) + throw new Exception(); + } + + public void blockListGuard() throws Exception { + // Prefix check by itself is not enough + { + String source = (String) source(); + if (!source.startsWith("/data")) { + sink(source); // $ hasTaintFlow + } else + sink(source); // $ hasTaintFlow + } + // PathTraversalGuard + blockListGuard + { + String source = (String) source(); + if (!source.contains("..") && !source.startsWith("/data")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.indexOf("..") == -1 && !source.startsWith("/data")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + if (source.lastIndexOf("..") == -1 && !source.startsWith("/data")) + sink(source); // Safe + else + sink(source); // $ hasTaintFlow + } + // PathTraversalSanitizer + blockListGuard + { + File source = (File) source(); + String normalized = source.getCanonicalPath(); + if (!normalized.startsWith("/data")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + File source = (File) source(); + String normalized = source.getCanonicalFile().toString(); + if (!normalized.startsWith("/data")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + Path normalized = Paths.get(source).normalize(); + if (!normalized.startsWith("/data")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.startsWith("/data")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.regionMatches(0, "/data", 0, 5)) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.matches("/data/.*")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + // validation method + { + String source = (String) source(); + blockListGuardValidation(source); + sink(source); // Safe + } + // PathInjectionSanitizer + partial string match with disallowed words + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.contains("/")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.regionMatches(1, "/", 0, 5)) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.matches("/")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + // PathInjectionSanitizer + partial string match with disallowed prefixes + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.contains("/data")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.regionMatches(1, "/data", 0, 5)) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + { + String source = (String) source(); + String normalized = Paths.get(source).normalize().toString(); + if (!normalized.matches(".*/data/.*")) { + sink(source); // Safe + sink(normalized); // Safe + } else { + sink(source); // $ hasTaintFlow + sink(normalized); // $ hasTaintFlow + } + } + } +} diff --git a/java/ql/test/library-tests/pathsanitizer/options b/java/ql/test/library-tests/pathsanitizer/options new file mode 100644 index 00000000000..1e6e9ea2bf1 --- /dev/null +++ b/java/ql/test/library-tests/pathsanitizer/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/google-android-9.0.0 diff --git a/java/ql/test/library-tests/pathsanitizer/test.expected b/java/ql/test/library-tests/pathsanitizer/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/pathsanitizer/test.ql b/java/ql/test/library-tests/pathsanitizer/test.ql new file mode 100644 index 00000000000..c3b8ca70367 --- /dev/null +++ b/java/ql/test/library-tests/pathsanitizer/test.ql @@ -0,0 +1,15 @@ +import java +import semmle.code.java.security.PathSanitizer +import TestUtilities.InlineFlowTest + +class PathSanitizerConf extends DefaultTaintFlowConf { + override predicate isSanitizer(DataFlow::Node sanitizer) { + sanitizer instanceof PathInjectionSanitizer + } +} + +class Test extends InlineFlowTest { + override DataFlow::Configuration getValueFlowConfig() { none() } + + override DataFlow::Configuration getTaintFlowConfig() { result = any(PathSanitizerConf config) } +} diff --git a/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.expected b/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.expected index 2410d97aeb8..b344c9c1977 100644 --- a/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.expected +++ b/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.expected @@ -1,6 +1,6 @@ -| Test.java:10:9:10:27 | ...instanceof... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:7:11:7:19 | lhs | lhs | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:8:7:8:25 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | -| Test.java:15:12:15:28 | ...instanceof... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:13:11:13:17 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:14:7:14:24 | ...instanceof... | this expression | Test.java:2:15:2:19 | Super | Super | -| Test.java:21:12:21:28 | ...instanceof... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:19:11:19:17 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:20:7:20:23 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | -| Test.java:27:12:27:28 | ...instanceof... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:25:9:25:15 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:26:28:26:45 | ...instanceof... | this expression | Test.java:2:15:2:19 | Super | Super | -| Test.java:34:20:34:35 | (...)... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:32:24:32:36 | object | object | Test.java:1:14:1:17 | Test | Test | Test.java:33:29:33:50 | ...instanceof... | this expression | Test.java:1:14:1:17 | Test | Test | -| Test.java:43:11:43:17 | (...)... | Variable $@ cannot be of type $@ here, since $@ ensures that it is not of type $@. | Test.java:41:9:41:15 | o | o | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:42:9:42:25 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | +| Test.java:10:9:10:27 | ...instanceof... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:7:11:7:19 | lhs | lhs | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:8:7:8:25 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | +| Test.java:15:12:15:28 | ...instanceof... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:13:11:13:17 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:14:7:14:24 | ...instanceof... | this expression | Test.java:2:15:2:19 | Super | Super | +| Test.java:21:12:21:28 | ...instanceof... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:19:11:19:17 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:20:7:20:23 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | +| Test.java:27:12:27:28 | ...instanceof... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:25:9:25:15 | x | x | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:26:28:26:45 | ...instanceof... | this expression | Test.java:2:15:2:19 | Super | Super | +| Test.java:34:20:34:35 | (...)... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:32:24:32:36 | object | object | Test.java:1:14:1:17 | Test | Test | Test.java:33:29:33:50 | ...instanceof... | this expression | Test.java:1:14:1:17 | Test | Test | +| Test.java:43:11:43:17 | (...)... | This access of $@ cannot be of type $@, since $@ ensures that it is not of type $@. | Test.java:41:9:41:15 | o | o | Test.java:3:15:3:18 | Sub1 | Sub1 | Test.java:42:9:42:25 | ...instanceof... | this expression | Test.java:3:15:3:18 | Sub1 | Sub1 | diff --git a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.expected b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.expected index f66bd6e23ce..32e76e50bc2 100644 --- a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.expected +++ b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.expected @@ -1 +1 @@ -| InefficientOutputStreamBad.java:5:14:5:39 | InefficientOutputStreamBad | This class extends java.io.OutputStream and implements $@, but does not override write(byte[],int,int) | InefficientOutputStreamBad.java:15:14:15:18 | write | write | +| InefficientOutputStreamBad.java:5:14:5:39 | InefficientOutputStreamBad | This class extends 'java.io.OutputStream' and implements $@, but does not override 'write(byte[],int,int)'. | InefficientOutputStreamBad.java:15:14:15:18 | write | write | diff --git a/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.expected b/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.expected index 85653b45351..8b50f224341 100644 --- a/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.expected +++ b/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.expected @@ -1,3 +1,3 @@ -| Test.java:16:5:16:17 | remove(...) | This call may fail when iterating over the collection created $@, since it does not support element removal. | Test.java:29:16:29:32 | asList(...) | here | -| Test.java:16:5:16:17 | remove(...) | This call may fail when iterating over the collection created $@, since it does not support element removal. | Test.java:33:16:33:43 | singletonList(...) | here | -| Test.java:44:3:44:23 | remove(...) | This call may fail when iterating over the collection created $@, since it does not support element removal. | Test.java:52:15:52:31 | asList(...) | here | +| Test.java:16:5:16:17 | remove(...) | This call may fail when iterating over $@, since it does not support element removal. | Test.java:29:16:29:32 | asList(...) | the collection | +| Test.java:16:5:16:17 | remove(...) | This call may fail when iterating over $@, since it does not support element removal. | Test.java:33:16:33:43 | singletonList(...) | the collection | +| Test.java:44:3:44:23 | remove(...) | This call may fail when iterating over $@, since it does not support element removal. | Test.java:52:15:52:31 | asList(...) | the collection | diff --git a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.expected b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.expected index 5b031604e56..f94a6f61f33 100644 --- a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.expected +++ b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.expected @@ -1,3 +1,2 @@ | ImpossibleJavadocThrows.java:9:5:9:12 | @throws | Javadoc for bad1 claims to throw InterruptedException but this is impossible. | | ImpossibleJavadocThrows.java:16:5:16:15 | @exception | Javadoc for bad2 claims to throw Exception but this is impossible. | -| ImpossibleJavadocThrows.java:23:5:23:12 | @throws | Javadoc for bad3 claims to throw Runnable but this is impossible. | diff --git a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java index b0b27397359..7ba8988c38b 100644 --- a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java +++ b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java @@ -18,13 +18,6 @@ class ImpossibleJavadocThrows { public void bad2() { } - /** - * - * @throws Runnable - */ - public void bad3() { - } - /** * * @throws InterruptedException diff --git a/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.expected b/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.expected index fd1fbd7ede5..313f9886ff7 100644 --- a/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.expected +++ b/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.expected @@ -1 +1 @@ -| Bad.java:13:17:13:22 | equals | equals() method does not check argument type. | +| Bad.java:13:17:13:22 | equals | This 'equals()' method does not check argument type. | diff --git a/java/ql/test/query-tests/Nullness/NullAlways.expected b/java/ql/test/query-tests/Nullness/NullAlways.expected index 5df5334c68d..8520353a1c6 100644 --- a/java/ql/test/query-tests/Nullness/NullAlways.expected +++ b/java/ql/test/query-tests/Nullness/NullAlways.expected @@ -1,16 +1,16 @@ -| A.java:15:7:15:9 | not | Variable $@ is always null here. | A.java:13:5:13:22 | Object not | not | -| A.java:97:18:97:36 | synchronized_always | Variable $@ is always null here. | A.java:96:5:96:38 | Object synchronized_always | synchronized_always | -| A.java:161:26:161:34 | do_always | Variable $@ is always null here. | A.java:159:5:159:28 | String do_always | do_always | -| A.java:167:26:167:34 | do_maybe1 | Variable $@ is always null here. | A.java:165:5:165:28 | String do_maybe1 | do_maybe1 | -| A.java:187:26:187:37 | while_always | Variable $@ is always null here. | A.java:185:5:185:31 | String while_always | while_always | -| A.java:207:26:207:34 | if_always | Variable $@ is always null here. | A.java:205:5:205:28 | String if_always | if_always | -| A.java:223:24:223:29 | for_ok | Variable $@ is always null here. | A.java:219:5:219:19 | String for_ok | for_ok | -| A.java:226:26:226:35 | for_always | Variable $@ is always null here. | A.java:225:10:225:33 | String for_always | for_always | -| A.java:236:5:236:14 | array_null | Variable $@ is always null here. | A.java:235:5:235:28 | int[] array_null | array_null | -| A.java:248:24:248:34 | arrayaccess | Variable $@ is always null here. | A.java:244:5:244:29 | int[] arrayaccess | arrayaccess | -| A.java:249:24:249:34 | fieldaccess | Variable $@ is always null here. | A.java:245:5:245:32 | String[] fieldaccess | fieldaccess | -| A.java:250:24:250:35 | methodaccess | Variable $@ is always null here. | A.java:246:5:246:31 | Object methodaccess | methodaccess | -| A.java:264:21:264:30 | for_always | Variable $@ is always null here. | A.java:263:5:263:35 | List for_always | for_always | -| A.java:266:24:266:33 | for_always | Variable $@ is always null here. | A.java:263:5:263:35 | List for_always | for_always | -| A.java:293:5:293:5 | s | Variable $@ is always null here. | A.java:291:5:291:33 | Object s | s | -| B.java:304:7:304:9 | ioe | Variable $@ is always null here. | B.java:297:5:297:25 | Exception ioe | ioe | +| A.java:15:7:15:9 | not | Variable $@ is always null at this dereference. | A.java:13:5:13:22 | Object not | not | +| A.java:97:18:97:36 | synchronized_always | Variable $@ is always null at this dereference. | A.java:96:5:96:38 | Object synchronized_always | synchronized_always | +| A.java:161:26:161:34 | do_always | Variable $@ is always null at this dereference. | A.java:159:5:159:28 | String do_always | do_always | +| A.java:167:26:167:34 | do_maybe1 | Variable $@ is always null at this dereference. | A.java:165:5:165:28 | String do_maybe1 | do_maybe1 | +| A.java:187:26:187:37 | while_always | Variable $@ is always null at this dereference. | A.java:185:5:185:31 | String while_always | while_always | +| A.java:207:26:207:34 | if_always | Variable $@ is always null at this dereference. | A.java:205:5:205:28 | String if_always | if_always | +| A.java:223:24:223:29 | for_ok | Variable $@ is always null at this dereference. | A.java:219:5:219:19 | String for_ok | for_ok | +| A.java:226:26:226:35 | for_always | Variable $@ is always null at this dereference. | A.java:225:10:225:33 | String for_always | for_always | +| A.java:236:5:236:14 | array_null | Variable $@ is always null at this dereference. | A.java:235:5:235:28 | int[] array_null | array_null | +| A.java:248:24:248:34 | arrayaccess | Variable $@ is always null at this dereference. | A.java:244:5:244:29 | int[] arrayaccess | arrayaccess | +| A.java:249:24:249:34 | fieldaccess | Variable $@ is always null at this dereference. | A.java:245:5:245:32 | String[] fieldaccess | fieldaccess | +| A.java:250:24:250:35 | methodaccess | Variable $@ is always null at this dereference. | A.java:246:5:246:31 | Object methodaccess | methodaccess | +| A.java:264:21:264:30 | for_always | Variable $@ is always null at this dereference. | A.java:263:5:263:35 | List for_always | for_always | +| A.java:266:24:266:33 | for_always | Variable $@ is always null at this dereference. | A.java:263:5:263:35 | List for_always | for_always | +| A.java:293:5:293:5 | s | Variable $@ is always null at this dereference. | A.java:291:5:291:33 | Object s | s | +| B.java:304:7:304:9 | ioe | Variable $@ is always null at this dereference. | B.java:297:5:297:25 | Exception ioe | ioe | diff --git a/java/ql/test/query-tests/Nullness/NullMaybe.expected b/java/ql/test/query-tests/Nullness/NullMaybe.expected index 5dfcc72f1d4..8fc6aed34ea 100644 --- a/java/ql/test/query-tests/Nullness/NullMaybe.expected +++ b/java/ql/test/query-tests/Nullness/NullMaybe.expected @@ -1,37 +1,37 @@ -| A.java:48:5:48:21 | assertNotNull_ok3 | Variable $@ may be null here because of $@ assignment. | A.java:46:5:46:61 | Object assertNotNull_ok3 | assertNotNull_ok3 | A.java:46:12:46:60 | assertNotNull_ok3 | this | -| A.java:172:26:172:33 | do_maybe | Variable $@ may be null here because of $@ assignment. | A.java:170:5:170:25 | String do_maybe | do_maybe | A.java:173:7:173:21 | ...=... | this | -| A.java:193:26:193:36 | while_maybe | Variable $@ may be null here because of $@ assignment. | A.java:191:5:191:28 | String while_maybe | while_maybe | A.java:194:7:194:24 | ...=... | this | -| A.java:215:24:215:31 | if_maybe | Variable $@ may be null here because of $@ assignment. | A.java:211:5:211:25 | String if_maybe | if_maybe | A.java:213:7:213:21 | ...=... | this | -| A.java:230:26:230:34 | for_maybe | Variable $@ may be null here because of $@ assignment. | A.java:229:10:229:30 | String for_maybe | for_maybe | A.java:229:35:229:50 | ...=... | this | -| A.java:273:24:273:32 | for_maybe | Variable $@ may be null here because of $@ assignment. | A.java:268:5:268:63 | List for_maybe | for_maybe | A.java:271:7:271:22 | ...=... | this | -| B.java:16:5:16:9 | param | Variable $@ may be null here because of $@ null argument. | B.java:15:23:15:34 | param | param | B.java:11:13:11:16 | null | this | -| B.java:23:5:23:9 | param | Variable $@ may be null here as suggested by $@ null guard. | B.java:19:23:19:34 | param | param | B.java:20:9:20:21 | ... != ... | this | -| B.java:57:7:57:8 | o7 | Variable $@ may be null here because of $@ assignment. | B.java:52:5:52:34 | Object o7 | o7 | B.java:52:12:52:33 | o7 | this | -| B.java:69:16:69:17 | xs | Variable $@ may be null here because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | -| B.java:70:24:70:25 | xs | Variable $@ may be null here because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | -| B.java:72:15:72:16 | xs | Variable $@ may be null here because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | -| B.java:75:20:75:21 | xs | Variable $@ may be null here because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | -| B.java:78:20:78:21 | xs | Variable $@ may be null here because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | -| B.java:118:5:118:7 | obj | Variable $@ may be null here as suggested by $@ null guard. | B.java:117:27:117:36 | obj | obj | B.java:119:13:119:23 | ... != ... | this | -| B.java:133:5:133:7 | obj | Variable $@ may be null here because of $@ assignment. | B.java:128:5:128:22 | Object obj | obj | B.java:128:12:128:21 | obj | this | -| B.java:190:7:190:7 | o | Variable $@ may be null here because of $@ assignment. | B.java:178:5:178:20 | Object o | o | B.java:186:5:186:12 | ...=... | this | -| B.java:279:7:279:7 | a | Variable $@ may be null here because of $@ assignment. | B.java:276:5:276:19 | int[] a | a | B.java:276:11:276:18 | a | this | -| B.java:292:7:292:7 | b | Variable $@ may be null here because of $@ assignment. | B.java:287:5:287:44 | int[] b | b | B.java:287:11:287:43 | b | this | -| B.java:408:7:408:7 | x | Variable $@ may be null here as suggested by $@ null guard. | B.java:374:23:374:30 | x | x | B.java:375:23:375:31 | ... != ... | this | -| C.java:9:44:9:45 | a2 | Variable $@ may be null here as suggested by $@ null guard. | C.java:6:5:6:23 | long[][] a2 | a2 | C.java:7:34:7:54 | ... != ... | this | -| C.java:9:44:9:45 | a2 | Variable $@ may be null here because of $@ assignment. | C.java:6:5:6:23 | long[][] a2 | a2 | C.java:6:14:6:22 | a2 | this | -| C.java:10:17:10:18 | a3 | Variable $@ may be null here as suggested by $@ null guard. | C.java:8:5:8:21 | long[] a3 | a3 | C.java:9:38:9:58 | ... != ... | this | -| C.java:10:17:10:18 | a3 | Variable $@ may be null here because of $@ assignment. | C.java:8:5:8:21 | long[] a3 | a3 | C.java:8:12:8:20 | a3 | this | -| C.java:21:7:21:8 | s1 | Variable $@ may be null here because of $@ assignment. | C.java:14:5:14:30 | String s1 | s1 | C.java:17:7:17:24 | ...=... | this | -| C.java:51:7:51:11 | slice | Variable $@ may be null here because of $@ assignment. | C.java:43:5:43:30 | List slice | slice | C.java:43:18:43:29 | slice | this | -| C.java:63:7:63:9 | arr | Variable $@ may be null here as suggested by $@ null guard. | C.java:57:35:57:43 | arr | arr | C.java:60:16:60:26 | ... == ... | this | -| C.java:100:7:100:10 | arr2 | Variable $@ may be null here because of $@ assignment. | C.java:95:5:95:22 | int[] arr2 | arr2 | C.java:95:11:95:21 | arr2 | this | -| C.java:110:25:110:27 | obj | Variable $@ may be null here because of $@ assignment. | C.java:106:5:106:30 | Object obj | obj | C.java:118:13:118:22 | ...=... | this | -| C.java:137:7:137:10 | obj2 | Variable $@ may be null here as suggested by $@ null guard. | C.java:131:5:131:23 | Object obj2 | obj2 | C.java:132:9:132:20 | ... != ... | this | -| C.java:144:15:144:15 | a | Variable $@ may be null here as suggested by $@ null guard. | C.java:141:20:141:26 | a | a | C.java:142:13:142:21 | ... == ... | this | -| C.java:188:9:188:11 | obj | Variable $@ may be null here because of $@ assignment. | C.java:181:5:181:22 | Object obj | obj | C.java:181:12:181:21 | obj | this | -| C.java:207:9:207:11 | obj | Variable $@ may be null here because of $@ assignment. | C.java:201:5:201:22 | Object obj | obj | C.java:201:12:201:21 | obj | this | -| C.java:219:9:219:10 | o1 | Variable $@ may be null here as suggested by $@ null guard. | C.java:212:20:212:28 | o1 | o1 | C.java:213:9:213:18 | ... == ... | this | -| C.java:233:7:233:8 | xs | Variable $@ may be null here because of $@ assignment. | C.java:231:5:231:56 | int[] xs | xs | C.java:231:11:231:55 | xs | this | -| F.java:11:5:11:7 | obj | Variable $@ may be null here as suggested by $@ null guard. | F.java:8:18:8:27 | obj | obj | F.java:9:9:9:19 | ... == ... | this | -| F.java:17:5:17:7 | obj | Variable $@ may be null here as suggested by $@ null guard. | F.java:14:18:14:27 | obj | obj | F.java:15:9:15:19 | ... == ... | this | +| A.java:48:5:48:21 | assertNotNull_ok3 | Variable $@ may be null at this access because of $@ assignment. | A.java:46:5:46:61 | Object assertNotNull_ok3 | assertNotNull_ok3 | A.java:46:12:46:60 | assertNotNull_ok3 | this | +| A.java:172:26:172:33 | do_maybe | Variable $@ may be null at this access because of $@ assignment. | A.java:170:5:170:25 | String do_maybe | do_maybe | A.java:173:7:173:21 | ...=... | this | +| A.java:193:26:193:36 | while_maybe | Variable $@ may be null at this access because of $@ assignment. | A.java:191:5:191:28 | String while_maybe | while_maybe | A.java:194:7:194:24 | ...=... | this | +| A.java:215:24:215:31 | if_maybe | Variable $@ may be null at this access because of $@ assignment. | A.java:211:5:211:25 | String if_maybe | if_maybe | A.java:213:7:213:21 | ...=... | this | +| A.java:230:26:230:34 | for_maybe | Variable $@ may be null at this access because of $@ assignment. | A.java:229:10:229:30 | String for_maybe | for_maybe | A.java:229:35:229:50 | ...=... | this | +| A.java:273:24:273:32 | for_maybe | Variable $@ may be null at this access because of $@ assignment. | A.java:268:5:268:63 | List for_maybe | for_maybe | A.java:271:7:271:22 | ...=... | this | +| B.java:16:5:16:9 | param | Variable $@ may be null at this access because of $@ null argument. | B.java:15:23:15:34 | param | param | B.java:11:13:11:16 | null | this | +| B.java:23:5:23:9 | param | Variable $@ may be null at this access as suggested by $@ null guard. | B.java:19:23:19:34 | param | param | B.java:20:9:20:21 | ... != ... | this | +| B.java:57:7:57:8 | o7 | Variable $@ may be null at this access because of $@ assignment. | B.java:52:5:52:34 | Object o7 | o7 | B.java:52:12:52:33 | o7 | this | +| B.java:69:16:69:17 | xs | Variable $@ may be null at this access because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | +| B.java:70:24:70:25 | xs | Variable $@ may be null at this access because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | +| B.java:72:15:72:16 | xs | Variable $@ may be null at this access because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | +| B.java:75:20:75:21 | xs | Variable $@ may be null at this access because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | +| B.java:78:20:78:21 | xs | Variable $@ may be null at this access because of $@ assignment. | B.java:68:5:68:41 | int[] xs | xs | B.java:68:11:68:40 | xs | this | +| B.java:118:5:118:7 | obj | Variable $@ may be null at this access as suggested by $@ null guard. | B.java:117:27:117:36 | obj | obj | B.java:119:13:119:23 | ... != ... | this | +| B.java:133:5:133:7 | obj | Variable $@ may be null at this access because of $@ assignment. | B.java:128:5:128:22 | Object obj | obj | B.java:128:12:128:21 | obj | this | +| B.java:190:7:190:7 | o | Variable $@ may be null at this access because of $@ assignment. | B.java:178:5:178:20 | Object o | o | B.java:186:5:186:12 | ...=... | this | +| B.java:279:7:279:7 | a | Variable $@ may be null at this access because of $@ assignment. | B.java:276:5:276:19 | int[] a | a | B.java:276:11:276:18 | a | this | +| B.java:292:7:292:7 | b | Variable $@ may be null at this access because of $@ assignment. | B.java:287:5:287:44 | int[] b | b | B.java:287:11:287:43 | b | this | +| B.java:408:7:408:7 | x | Variable $@ may be null at this access as suggested by $@ null guard. | B.java:374:23:374:30 | x | x | B.java:375:23:375:31 | ... != ... | this | +| C.java:9:44:9:45 | a2 | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:6:5:6:23 | long[][] a2 | a2 | C.java:7:34:7:54 | ... != ... | this | +| C.java:9:44:9:45 | a2 | Variable $@ may be null at this access because of $@ assignment. | C.java:6:5:6:23 | long[][] a2 | a2 | C.java:6:14:6:22 | a2 | this | +| C.java:10:17:10:18 | a3 | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:8:5:8:21 | long[] a3 | a3 | C.java:9:38:9:58 | ... != ... | this | +| C.java:10:17:10:18 | a3 | Variable $@ may be null at this access because of $@ assignment. | C.java:8:5:8:21 | long[] a3 | a3 | C.java:8:12:8:20 | a3 | this | +| C.java:21:7:21:8 | s1 | Variable $@ may be null at this access because of $@ assignment. | C.java:14:5:14:30 | String s1 | s1 | C.java:17:7:17:24 | ...=... | this | +| C.java:51:7:51:11 | slice | Variable $@ may be null at this access because of $@ assignment. | C.java:43:5:43:30 | List slice | slice | C.java:43:18:43:29 | slice | this | +| C.java:63:7:63:9 | arr | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:57:35:57:43 | arr | arr | C.java:60:16:60:26 | ... == ... | this | +| C.java:100:7:100:10 | arr2 | Variable $@ may be null at this access because of $@ assignment. | C.java:95:5:95:22 | int[] arr2 | arr2 | C.java:95:11:95:21 | arr2 | this | +| C.java:110:25:110:27 | obj | Variable $@ may be null at this access because of $@ assignment. | C.java:106:5:106:30 | Object obj | obj | C.java:118:13:118:22 | ...=... | this | +| C.java:137:7:137:10 | obj2 | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:131:5:131:23 | Object obj2 | obj2 | C.java:132:9:132:20 | ... != ... | this | +| C.java:144:15:144:15 | a | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:141:20:141:26 | a | a | C.java:142:13:142:21 | ... == ... | this | +| C.java:188:9:188:11 | obj | Variable $@ may be null at this access because of $@ assignment. | C.java:181:5:181:22 | Object obj | obj | C.java:181:12:181:21 | obj | this | +| C.java:207:9:207:11 | obj | Variable $@ may be null at this access because of $@ assignment. | C.java:201:5:201:22 | Object obj | obj | C.java:201:12:201:21 | obj | this | +| C.java:219:9:219:10 | o1 | Variable $@ may be null at this access as suggested by $@ null guard. | C.java:212:20:212:28 | o1 | o1 | C.java:213:9:213:18 | ... == ... | this | +| C.java:233:7:233:8 | xs | Variable $@ may be null at this access because of $@ assignment. | C.java:231:5:231:56 | int[] xs | xs | C.java:231:11:231:55 | xs | this | +| F.java:11:5:11:7 | obj | Variable $@ may be null at this access as suggested by $@ null guard. | F.java:8:18:8:27 | obj | obj | F.java:9:9:9:19 | ... == ... | this | +| F.java:17:5:17:7 | obj | Variable $@ may be null at this access as suggested by $@ null guard. | F.java:14:18:14:27 | obj | obj | F.java:15:9:15:19 | ... == ... | this | diff --git a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.expected b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.expected index fb533a6802b..97e4271140a 100644 --- a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.expected +++ b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.expected @@ -1,6 +1,6 @@ -| PartiallyMaskedCatchTest.java:16:5:16:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:12:5:12:24 | catch (...) | here for exceptions of type 'ExceptionB' | -| PartiallyMaskedCatchTest.java:16:5:16:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:14:5:14:24 | catch (...) | here for exceptions of type 'ExceptionA' | -| PartiallyMaskedCatchTest.java:26:5:26:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:22:5:22:47 | catch (...) | here for exceptions of type 'ExceptionB' | -| PartiallyMaskedCatchTest.java:26:5:26:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:24:5:24:43 | catch (...) | here for exceptions of type 'ExceptionA' | -| PartiallyMaskedCatchTest.java:36:5:36:44 | catch (...) | This catch-clause is unreachable for type IOException; it is masked $@. | PartiallyMaskedCatchTest.java:32:5:32:47 | catch (...) | here for exceptions of type 'ExceptionB' | -| PartiallyMaskedCatchTest.java:36:5:36:44 | catch (...) | This catch-clause is unreachable for type IOException; it is masked $@. | PartiallyMaskedCatchTest.java:34:5:34:51 | catch (...) | here for exceptions of type 'ExceptionA' | +| PartiallyMaskedCatchTest.java:16:5:16:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:12:5:12:24 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionB' | +| PartiallyMaskedCatchTest.java:16:5:16:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:14:5:14:24 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionA' | +| PartiallyMaskedCatchTest.java:26:5:26:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:22:5:22:47 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionB' | +| PartiallyMaskedCatchTest.java:26:5:26:25 | catch (...) | This catch-clause is unreachable; it is masked $@. | PartiallyMaskedCatchTest.java:24:5:24:43 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionA' | +| PartiallyMaskedCatchTest.java:36:5:36:44 | catch (...) | This catch-clause is unreachable for type IOException; it is masked $@. | PartiallyMaskedCatchTest.java:32:5:32:47 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionB' | +| PartiallyMaskedCatchTest.java:36:5:36:44 | catch (...) | This catch-clause is unreachable for type IOException; it is masked $@. | PartiallyMaskedCatchTest.java:34:5:34:51 | catch (...) | by a previous catch-clause for exceptions of type 'ExceptionA' | diff --git a/java/ql/test/query-tests/SelfAssignment/SelfAssignment.expected b/java/ql/test/query-tests/SelfAssignment/SelfAssignment.expected index eee48376e7d..3721c1efb50 100644 --- a/java/ql/test/query-tests/SelfAssignment/SelfAssignment.expected +++ b/java/ql/test/query-tests/SelfAssignment/SelfAssignment.expected @@ -1 +1 @@ -| Test.java:6:3:6:7 | ...=... | This assigns the variable x to itself and has no effect. | +| Test.java:6:3:6:7 | ...=... | This expression assigns x to itself. | diff --git a/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.expected b/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.expected new file mode 100644 index 00000000000..487e08f9b2a --- /dev/null +++ b/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.expected @@ -0,0 +1,5 @@ +noGeneratedStubs +multipleGeneratedStubs +#select +| org.test.SampleAnnotationType | // Generated automatically from org.test.SampleAnnotationType for testing purposes\n\npackage org.test;\n\nimport java.lang.annotation.Annotation;\nimport java.lang.annotation.ElementType;\nimport java.lang.annotation.Target;\n\n@Target(value={java.lang.annotation.ElementType.METHOD})\npublic @interface SampleAnnotationType\n{\n}\n | +| org.test.SampleType | // Generated automatically from org.test.SampleType for testing purposes\n\npackage org.test;\n\n\npublic class SampleType\n{\n public Object sampleField = null;\n public SampleType(){}\n public void sampleMethod(){}\n}\n | diff --git a/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.qlref b/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.qlref new file mode 100644 index 00000000000..ea338d131e3 --- /dev/null +++ b/java/ql/test/query-tests/Stubs/Minimal/MinimalStubsFromSource.qlref @@ -0,0 +1 @@ +utils/stub-generator/MinimalStubsFromSource.ql \ No newline at end of file diff --git a/java/ql/test/query-tests/Stubs/Minimal/Test.java b/java/ql/test/query-tests/Stubs/Minimal/Test.java new file mode 100644 index 00000000000..ee08fc3d88d --- /dev/null +++ b/java/ql/test/query-tests/Stubs/Minimal/Test.java @@ -0,0 +1,13 @@ +import org.test.SampleAnnotationType; +import org.test.SampleType; + +public class Test { + + @SampleAnnotationType + public void test() { + new SampleType().sampleField = null; + new SampleType().sampleMethod(); + } + +} + diff --git a/java/ql/test/query-tests/Stubs/Minimal/options b/java/ql/test/query-tests/Stubs/Minimal/options new file mode 100644 index 00000000000..0d9d1d43a3e --- /dev/null +++ b/java/ql/test/query-tests/Stubs/Minimal/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/testlib.jar diff --git a/java/ql/test/query-tests/Stubs/Minimal/testlib.jar b/java/ql/test/query-tests/Stubs/Minimal/testlib.jar new file mode 100644 index 00000000000..e84dc876424 Binary files /dev/null and b/java/ql/test/query-tests/Stubs/Minimal/testlib.jar differ diff --git a/java/ql/test/query-tests/Stubs/testlib/README.md b/java/ql/test/query-tests/Stubs/testlib/README.md new file mode 100644 index 00000000000..fd61120deab --- /dev/null +++ b/java/ql/test/query-tests/Stubs/testlib/README.md @@ -0,0 +1,5 @@ +# testlib + +Library for testing stub generation (we need a binary dependency because normal stubs are source files, and thus are excluded by the stub generator). + +Run `generate.sh` to update `testlib.jar` in the test directory. \ No newline at end of file diff --git a/java/ql/test/query-tests/Stubs/testlib/generate.sh b/java/ql/test/query-tests/Stubs/testlib/generate.sh new file mode 100644 index 00000000000..e3727b2ff29 --- /dev/null +++ b/java/ql/test/query-tests/Stubs/testlib/generate.sh @@ -0,0 +1,3 @@ +#/bin/bash +javac org/test/*.java +jar cf ../Minimal/testlib.jar org/test/*.class \ No newline at end of file diff --git a/java/ql/test/query-tests/Stubs/testlib/org/test/SampleAnnotationType.java b/java/ql/test/query-tests/Stubs/testlib/org/test/SampleAnnotationType.java new file mode 100644 index 00000000000..4bb5cce8809 --- /dev/null +++ b/java/ql/test/query-tests/Stubs/testlib/org/test/SampleAnnotationType.java @@ -0,0 +1,9 @@ +package org.test; + +import java.lang.annotation.Target; +import java.lang.annotation.ElementType; + +@Target(ElementType.METHOD) +public @interface SampleAnnotationType { + +} diff --git a/java/ql/test/query-tests/Stubs/testlib/org/test/SampleType.java b/java/ql/test/query-tests/Stubs/testlib/org/test/SampleType.java new file mode 100644 index 00000000000..28546e14da3 --- /dev/null +++ b/java/ql/test/query-tests/Stubs/testlib/org/test/SampleType.java @@ -0,0 +1,8 @@ +package org.test; + +public class SampleType { + + public Object sampleField; + + public void sampleMethod() {} +} diff --git a/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.expected b/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.expected index 0962a371a07..0bd71a9d074 100644 --- a/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.expected +++ b/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.expected @@ -1,8 +1,8 @@ -| A.java:4:9:4:17 | ... == ... | This check is useless, $@ cannot be null here, since $@ always is non-null. | A.java:4:9:4:9 | o | o | A.java:3:16:3:27 | new Object(...) | new Object(...) | -| A.java:5:9:5:17 | ... != ... | This check is useless, $@ cannot be null here, since $@ always is non-null. | A.java:5:9:5:9 | o | o | A.java:3:16:3:27 | new Object(...) | new Object(...) | -| A.java:9:11:9:19 | ... == ... | This check is useless, $@ cannot be null here, since $@ always is non-null. | A.java:9:11:9:11 | e | e | A.java:8:23:8:23 | e | e | -| A.java:18:11:18:19 | ... != ... | This check is useless, $@ cannot be null here, since it is guarded by $@. | A.java:18:11:18:11 | a | a | A.java:16:9:16:22 | ...instanceof... | ...instanceof... | -| A.java:31:11:31:19 | ... != ... | This check is useless, $@ cannot be null here, since $@ always is non-null. | A.java:31:11:31:11 | x | x | A.java:29:17:29:20 | this | this | +| A.java:4:9:4:17 | ... == ... | This check is useless. $@ cannot be null at this check, since $@ always is non-null. | A.java:4:9:4:9 | o | o | A.java:3:16:3:27 | new Object(...) | new Object(...) | +| A.java:5:9:5:17 | ... != ... | This check is useless. $@ cannot be null at this check, since $@ always is non-null. | A.java:5:9:5:9 | o | o | A.java:3:16:3:27 | new Object(...) | new Object(...) | +| A.java:9:11:9:19 | ... == ... | This check is useless. $@ cannot be null at this check, since $@ always is non-null. | A.java:9:11:9:11 | e | e | A.java:8:23:8:23 | e | e | +| A.java:18:11:18:19 | ... != ... | This check is useless. $@ cannot be null at this check, since it is guarded by $@. | A.java:18:11:18:11 | a | a | A.java:16:9:16:22 | ...instanceof... | ...instanceof... | +| A.java:31:11:31:19 | ... != ... | This check is useless. $@ cannot be null at this check, since $@ always is non-null. | A.java:31:11:31:11 | x | x | A.java:29:17:29:20 | this | this | | A.java:40:14:40:25 | ... != ... | This check is useless, since $@ always is non-null. | A.java:40:14:40:17 | this | this | A.java:40:14:40:17 | this | this | -| A.java:42:9:42:17 | ... != ... | This check is useless, $@ cannot be null here, since it is guarded by $@. | A.java:42:9:42:9 | x | x | A.java:39:9:39:17 | ... == ... | ... == ... | -| A.java:52:9:52:24 | ... != ... | This check is useless, $@ cannot be null here, since $@ always is non-null. | A.java:52:9:52:16 | finalObj | finalObj | A.java:48:35:48:46 | new Object(...) | new Object(...) | +| A.java:42:9:42:17 | ... != ... | This check is useless. $@ cannot be null at this check, since it is guarded by $@. | A.java:42:9:42:9 | x | x | A.java:39:9:39:17 | ... == ... | ... == ... | +| A.java:52:9:52:24 | ... != ... | This check is useless. $@ cannot be null at this check, since $@ always is non-null. | A.java:52:9:52:16 | finalObj | finalObj | A.java:48:35:48:46 | new Object(...) | new Object(...) | diff --git a/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.expected b/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.expected index 18b21cf5a2b..6f83b11826b 100644 --- a/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.expected +++ b/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.expected @@ -1,2 +1,2 @@ -| Test.java:3:9:3:23 | ... == ... | This comparison will always yield the same result since 'NaN != NaN'. Consider using Double.isNaN instead | -| Test.java:4:9:4:22 | ... == ... | This comparison will always yield the same result since 'NaN != NaN'. Consider using Float.isNaN instead | +| Test.java:3:9:3:23 | ... == ... | This comparison will always yield the same result since 'NaN != NaN'. Consider using Double.isNaN instead. | +| Test.java:4:9:4:22 | ... == ... | This comparison will always yield the same result since 'NaN != NaN'. Consider using Float.isNaN instead. | diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected index 1d2935fe0d4..efd8132e166 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected @@ -36,14 +36,14 @@ nodes | Test.java:101:12:101:54 | new URI(...) | semmle.label | new URI(...) | subpaths #select -| Test.java:24:11:24:24 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:24:20:24:23 | temp | $@ flows to here and is used in a path. | Test.java:19:18:19:38 | getHostName(...) | User-provided value | -| Test.java:27:11:27:25 | get(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:27:21:27:24 | temp | $@ flows to here and is used in a path. | Test.java:19:18:19:38 | getHostName(...) | User-provided value | -| Test.java:30:11:30:48 | getPath(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:30:44:30:47 | temp | $@ flows to here and is used in a path. | Test.java:19:18:19:38 | getHostName(...) | User-provided value | -| Test.java:34:12:34:25 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:34:21:34:24 | temp | $@ flows to here and is used in a path. | Test.java:19:18:19:38 | getHostName(...) | User-provided value | -| Test.java:82:52:82:88 | new FileWriter(...) | Test.java:79:74:79:97 | getInputStream(...) : ServletInputStream | Test.java:82:67:82:81 | ... + ... | $@ flows to here and is used in a path. | Test.java:79:74:79:97 | getInputStream(...) | User-provided value | -| Test.java:90:26:90:29 | temp | Test.java:88:17:88:37 | getHostName(...) : String | Test.java:90:26:90:29 | temp | $@ flows to here and is used in a path. | Test.java:88:17:88:37 | getHostName(...) | User-provided value | -| Test.java:97:3:97:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:97:12:97:33 | new URI(...) | $@ flows to here and is used in a path. | Test.java:95:14:95:34 | getHostName(...) | User-provided value | -| Test.java:98:3:98:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:98:12:98:33 | new URI(...) | $@ flows to here and is used in a path. | Test.java:95:14:95:34 | getHostName(...) | User-provided value | -| Test.java:99:3:99:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) | $@ flows to here and is used in a path. | Test.java:95:14:95:34 | getHostName(...) | User-provided value | -| Test.java:100:3:100:46 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) | $@ flows to here and is used in a path. | Test.java:95:14:95:34 | getHostName(...) | User-provided value | -| Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | $@ flows to here and is used in a path. | Test.java:95:14:95:34 | getHostName(...) | User-provided value | +| Test.java:24:11:24:24 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:24:20:24:23 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value | +| Test.java:27:11:27:25 | get(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:27:21:27:24 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value | +| Test.java:30:11:30:48 | getPath(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:30:44:30:47 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value | +| Test.java:34:12:34:25 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:34:21:34:24 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value | +| Test.java:82:52:82:88 | new FileWriter(...) | Test.java:79:74:79:97 | getInputStream(...) : ServletInputStream | Test.java:82:67:82:81 | ... + ... | This path depends on a $@. | Test.java:79:74:79:97 | getInputStream(...) | user-provided value | +| Test.java:90:26:90:29 | temp | Test.java:88:17:88:37 | getHostName(...) : String | Test.java:90:26:90:29 | temp | This path depends on a $@. | Test.java:88:17:88:37 | getHostName(...) | user-provided value | +| Test.java:97:3:97:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:97:12:97:33 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | +| Test.java:98:3:98:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:98:12:98:33 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | +| Test.java:99:3:99:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | +| Test.java:100:3:100:46 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | +| Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected index 48c54030679..7c6a5bffc2e 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected @@ -1,8 +1,5 @@ edges | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:8:31:8:34 | name : String | -| ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:9:48:9:51 | file | -| ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:10:49:10:52 | file | -| ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:11:36:11:39 | file | | ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | | ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | | ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | diff --git a/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected b/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected index 52a49e65a69..b876fd2367d 100644 --- a/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected +++ b/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected @@ -1,16 +1,16 @@ -| PartialPathTraversalTest.java:10:14:10:73 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:17:9:17:72 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:29:14:29:58 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:35:14:35:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:42:14:42:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:49:14:49:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:53:14:53:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:61:14:61:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:64:14:64:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:75:14:75:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:94:14:94:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:102:14:102:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:105:14:105:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:173:14:173:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:191:18:191:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | -| PartialPathTraversalTest.java:209:14:209:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal | +| PartialPathTraversalTest.java:10:14:10:73 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:17:9:17:72 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:29:14:29:58 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:35:14:35:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:42:14:42:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:49:14:49:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:53:14:53:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:61:14:61:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:64:14:64:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:75:14:75:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:94:14:94:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:102:14:102:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:105:14:105:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:173:14:173:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:191:18:191:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | +| PartialPathTraversalTest.java:209:14:209:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. | diff --git a/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected index cb515641e6e..e4ab7eaef4a 100644 --- a/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected @@ -33,8 +33,8 @@ nodes | Test.java:61:23:61:25 | arg : String | semmle.label | arg : String | subpaths #select -| Test.java:7:44:7:69 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:7:44:7:69 | ... + ... | $@ flows to here and is used in a command. | Test.java:57:27:57:39 | args | User-provided value | -| Test.java:10:29:10:74 | new String[] | Test.java:57:27:57:39 | args : String[] | Test.java:10:29:10:74 | new String[] | $@ flows to here and is used in a command. | Test.java:57:27:57:39 | args | User-provided value | -| Test.java:18:29:18:31 | cmd | Test.java:57:27:57:39 | args : String[] | Test.java:18:29:18:31 | cmd | $@ flows to here and is used in a command. | Test.java:57:27:57:39 | args | User-provided value | -| Test.java:24:29:24:32 | cmd1 | Test.java:57:27:57:39 | args : String[] | Test.java:24:29:24:32 | cmd1 | $@ flows to here and is used in a command. | Test.java:57:27:57:39 | args | User-provided value | -| Test.java:29:44:29:64 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:29:44:29:64 | ... + ... | $@ flows to here and is used in a command. | Test.java:57:27:57:39 | args | User-provided value | +| Test.java:7:44:7:69 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:7:44:7:69 | ... + ... | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value | +| Test.java:10:29:10:74 | new String[] | Test.java:57:27:57:39 | args : String[] | Test.java:10:29:10:74 | new String[] | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value | +| Test.java:18:29:18:31 | cmd | Test.java:57:27:57:39 | args : String[] | Test.java:18:29:18:31 | cmd | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value | +| Test.java:24:29:24:32 | cmd1 | Test.java:57:27:57:39 | args : String[] | Test.java:24:29:24:32 | cmd1 | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value | +| Test.java:29:44:29:64 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:29:44:29:64 | ... + ... | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected index aea462f3861..9ceaa1d7829 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected @@ -38,12 +38,12 @@ nodes | Test.java:218:14:218:17 | args : String[] | semmle.label | args : String[] | subpaths #select -| Mongo.java:17:45:17:67 | parse(...) | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:45:17:67 | parse(...) | Query might include code from $@. | Mongo.java:10:29:10:41 | args | this user input | -| Mongo.java:21:49:21:52 | json | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | Query might include code from $@. | Mongo.java:10:29:10:41 | args | this user input | -| Test.java:36:47:36:52 | query1 | Test.java:213:26:213:38 | args : String[] | Test.java:36:47:36:52 | query1 | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:42:57:42:62 | query2 | Test.java:213:26:213:38 | args : String[] | Test.java:42:57:42:62 | query2 | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:50:62:50:67 | query3 | Test.java:213:26:213:38 | args : String[] | Test.java:50:62:50:67 | query3 | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:62:47:62:61 | querySbToString | Test.java:213:26:213:38 | args : String[] | Test.java:62:47:62:61 | querySbToString | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:70:40:70:44 | query | Test.java:213:26:213:38 | args : String[] | Test.java:70:40:70:44 | query | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:78:46:78:50 | query | Test.java:213:26:213:38 | args : String[] | Test.java:78:46:78:50 | query | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | -| Test.java:209:47:209:68 | queryWithUserTableName | Test.java:213:26:213:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | Query might include code from $@. | Test.java:213:26:213:38 | args | this user input | +| Mongo.java:17:45:17:67 | parse(...) | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:45:17:67 | parse(...) | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value | +| Mongo.java:21:49:21:52 | json | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value | +| Test.java:36:47:36:52 | query1 | Test.java:213:26:213:38 | args : String[] | Test.java:36:47:36:52 | query1 | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:42:57:42:62 | query2 | Test.java:213:26:213:38 | args : String[] | Test.java:42:57:42:62 | query2 | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:50:62:50:67 | query3 | Test.java:213:26:213:38 | args : String[] | Test.java:50:62:50:67 | query3 | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:62:47:62:61 | querySbToString | Test.java:213:26:213:38 | args : String[] | Test.java:62:47:62:61 | querySbToString | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:70:40:70:44 | query | Test.java:213:26:213:38 | args : String[] | Test.java:70:40:70:44 | query | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:78:46:78:50 | query | Test.java:213:26:213:38 | args : String[] | Test.java:78:46:78:50 | query | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | +| Test.java:209:47:209:68 | queryWithUserTableName | Test.java:213:26:213:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | This query depends on a $@. | Test.java:213:26:213:38 | args | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected b/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected index e296c8e92aa..1363da8634d 100644 --- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected +++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected @@ -176,61 +176,61 @@ nodes | LdapInjection.java:346:14:346:24 | getBase(...) | semmle.label | getBase(...) | subpaths #select -| LdapInjection.java:47:16:47:35 | ... + ... | LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:45:55:45:81 | jBadDN | this user input | -| LdapInjection.java:47:38:47:57 | ... + ... | LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:45:28:45:52 | jBad | this user input | -| LdapInjection.java:53:16:53:53 | new LdapName(...) | LdapInjection.java:51:55:51:85 | jBadDNName : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | LDAP query might include code from $@. | LdapInjection.java:51:55:51:85 | jBadDNName | this user input | -| LdapInjection.java:53:56:53:75 | ... + ... | LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:51:28:51:52 | jBad | this user input | -| LdapInjection.java:59:63:59:82 | ... + ... | LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:57:28:57:52 | jBad | this user input | -| LdapInjection.java:65:29:65:55 | ... + ... | LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:63:28:63:59 | jBadInitial | this user input | -| LdapInjection.java:71:16:71:81 | addAll(...) | LdapInjection.java:69:55:69:88 | jBadDNNameAdd : String | LdapInjection.java:71:16:71:81 | addAll(...) | LDAP query might include code from $@. | LdapInjection.java:69:55:69:88 | jBadDNNameAdd | this user input | -| LdapInjection.java:71:84:71:103 | ... + ... | LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:69:28:69:52 | jBad | this user input | -| LdapInjection.java:79:16:79:44 | addAll(...) | LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 : String | LdapInjection.java:79:16:79:44 | addAll(...) | LDAP query might include code from $@. | LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 | this user input | -| LdapInjection.java:79:47:79:66 | ... + ... | LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:75:28:75:52 | jBad | this user input | -| LdapInjection.java:85:16:85:72 | toString(...) | LdapInjection.java:83:55:83:93 | jBadDNNameToString : String | LdapInjection.java:85:16:85:72 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:83:55:83:93 | jBadDNNameToString | this user input | -| LdapInjection.java:85:75:85:94 | ... + ... | LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:83:28:83:52 | jBad | this user input | -| LdapInjection.java:91:16:91:73 | (...)... | LdapInjection.java:89:55:89:90 | jBadDNNameClone : String | LdapInjection.java:91:16:91:73 | (...)... | LDAP query might include code from $@. | LdapInjection.java:89:55:89:90 | jBadDNNameClone | this user input | -| LdapInjection.java:91:76:91:95 | ... + ... | LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:89:28:89:52 | jBad | this user input | -| LdapInjection.java:108:20:108:39 | ... + ... | LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:106:58:106:84 | uBadDN | this user input | -| LdapInjection.java:108:67:108:86 | ... + ... | LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:106:31:106:55 | uBad | this user input | -| LdapInjection.java:113:58:113:88 | create(...) | LdapInjection.java:112:31:112:67 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | LDAP query might include code from $@. | LdapInjection.java:112:31:112:67 | uBadFilterCreate | this user input | -| LdapInjection.java:121:14:121:14 | s | LdapInjection.java:117:31:117:70 | uBadROSearchRequest : String | LdapInjection.java:121:14:121:14 | s | LDAP query might include code from $@. | LdapInjection.java:117:31:117:70 | uBadROSearchRequest | this user input | -| LdapInjection.java:121:14:121:14 | s | LdapInjection.java:117:73:117:103 | uBadROSRDN : String | LdapInjection.java:121:14:121:14 | s | LDAP query might include code from $@. | LdapInjection.java:117:73:117:103 | uBadROSRDN | this user input | -| LdapInjection.java:129:14:129:14 | s | LdapInjection.java:125:31:125:68 | uBadSearchRequest : String | LdapInjection.java:129:14:129:14 | s | LDAP query might include code from $@. | LdapInjection.java:125:31:125:68 | uBadSearchRequest | this user input | -| LdapInjection.java:129:14:129:14 | s | LdapInjection.java:125:71:125:99 | uBadSRDN : String | LdapInjection.java:129:14:129:14 | s | LDAP query might include code from $@. | LdapInjection.java:125:71:125:99 | uBadSRDN | this user input | -| LdapInjection.java:135:22:135:44 | ... + ... | LdapInjection.java:133:58:133:87 | uBadDNSFR : String | LdapInjection.java:135:22:135:44 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:133:58:133:87 | uBadDNSFR | this user input | -| LdapInjection.java:135:69:135:88 | ... + ... | LdapInjection.java:133:31:133:55 | uBad : String | LdapInjection.java:135:69:135:88 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:133:31:133:55 | uBad | this user input | -| LdapInjection.java:143:19:143:19 | s | LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync : String | LdapInjection.java:143:19:143:19 | s | LDAP query might include code from $@. | LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync | this user input | -| LdapInjection.java:143:19:143:19 | s | LdapInjection.java:139:78:139:113 | uBadROSRDNAsync : String | LdapInjection.java:143:19:143:19 | s | LDAP query might include code from $@. | LdapInjection.java:139:78:139:113 | uBadROSRDNAsync | this user input | -| LdapInjection.java:151:19:151:19 | s | LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync : String | LdapInjection.java:151:19:151:19 | s | LDAP query might include code from $@. | LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync | this user input | -| LdapInjection.java:151:19:151:19 | s | LdapInjection.java:147:76:147:109 | uBadSRDNAsync : String | LdapInjection.java:151:19:151:19 | s | LDAP query might include code from $@. | LdapInjection.java:147:76:147:109 | uBadSRDNAsync | this user input | -| LdapInjection.java:156:58:156:115 | createNOTFilter(...) | LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT : String | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | LDAP query might include code from $@. | LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT | this user input | -| LdapInjection.java:161:58:161:107 | toString(...) | LdapInjection.java:160:31:160:75 | uBadFilterCreateToString : String | LdapInjection.java:161:58:161:107 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:160:31:160:75 | uBadFilterCreateToString | this user input | -| LdapInjection.java:168:58:168:69 | toString(...) | LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:168:58:168:69 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer | this user input | -| LdapInjection.java:176:14:176:26 | duplicate(...) | LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:176:14:176:26 | duplicate(...) | LDAP query might include code from $@. | LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate | this user input | -| LdapInjection.java:184:14:184:26 | duplicate(...) | LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:184:14:184:26 | duplicate(...) | LDAP query might include code from $@. | LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate | this user input | -| LdapInjection.java:192:14:192:14 | s | LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN : String | LdapInjection.java:192:14:192:14 | s | LDAP query might include code from $@. | LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN | this user input | -| LdapInjection.java:200:14:200:14 | s | LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:200:14:200:14 | s | LDAP query might include code from $@. | LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter | this user input | -| LdapInjection.java:230:14:230:33 | ... + ... | LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:229:57:229:83 | sBadDN | this user input | -| LdapInjection.java:230:36:230:55 | ... + ... | LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:229:30:229:54 | sBad | this user input | -| LdapInjection.java:235:20:235:85 | build(...) | LdapInjection.java:234:57:234:92 | sBadDNLNBuilder : String | LdapInjection.java:235:20:235:85 | build(...) | LDAP query might include code from $@. | LdapInjection.java:234:57:234:92 | sBadDNLNBuilder | this user input | -| LdapInjection.java:235:88:235:107 | ... + ... | LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:234:30:234:54 | sBad | this user input | -| LdapInjection.java:240:23:240:97 | build(...) | LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:240:23:240:97 | build(...) | LDAP query might include code from $@. | LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd | this user input | -| LdapInjection.java:240:100:240:119 | ... + ... | LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:239:30:239:54 | sBad | this user input | -| LdapInjection.java:245:15:245:76 | filter(...) | LdapInjection.java:244:30:244:63 | sBadLdapQuery : String | LdapInjection.java:245:15:245:76 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:244:30:244:63 | sBadLdapQuery | this user input | -| LdapInjection.java:250:12:250:63 | newLdapName(...) | LdapInjection.java:249:63:249:98 | sBadDNLdapUtils : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | LDAP query might include code from $@. | LdapInjection.java:249:63:249:98 | sBadDNLdapUtils | this user input | -| LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | LdapInjection.java:249:30:249:60 | sBadFilter : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | LDAP query might include code from $@. | LdapInjection.java:249:30:249:60 | sBadFilter | this user input | -| LdapInjection.java:255:24:255:85 | filter(...) | LdapInjection.java:254:30:254:63 | sBadLdapQuery : String | LdapInjection.java:255:24:255:85 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:254:30:254:63 | sBadLdapQuery | this user input | -| LdapInjection.java:261:24:261:24 | q | LdapInjection.java:259:30:259:64 | sBadLdapQuery2 : String | LdapInjection.java:261:24:261:24 | q | LDAP query might include code from $@. | LdapInjection.java:259:30:259:64 | sBadLdapQuery2 | this user input | -| LdapInjection.java:266:24:266:116 | filter(...) | LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:266:24:266:116 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter | this user input | -| LdapInjection.java:272:24:272:57 | filter(...) | LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:272:24:272:57 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 | this user input | -| LdapInjection.java:277:12:277:66 | base(...) | LdapInjection.java:276:31:276:68 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:66 | base(...) | LDAP query might include code from $@. | LdapInjection.java:276:31:276:68 | sBadLdapQueryBase | this user input | -| LdapInjection.java:282:24:282:98 | is(...) | LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:98 | is(...) | LDAP query might include code from $@. | LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex | this user input | -| LdapInjection.java:287:18:287:83 | toString(...) | LdapInjection.java:286:31:286:69 | sBadFilterToString : String | LdapInjection.java:287:18:287:83 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:286:31:286:69 | sBadFilterToString | this user input | -| LdapInjection.java:294:18:294:29 | toString(...) | LdapInjection.java:291:31:291:67 | sBadFilterEncode : String | LdapInjection.java:294:18:294:29 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:291:31:291:67 | sBadFilterEncode | this user input | -| LdapInjection.java:316:14:316:33 | ... + ... | LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:314:57:314:83 | aBadDN | this user input | -| LdapInjection.java:316:36:316:55 | ... + ... | LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:314:30:314:54 | aBad | this user input | -| LdapInjection.java:322:14:322:62 | getName(...) | LdapInjection.java:320:57:320:94 | aBadDNObjToString : String | LdapInjection.java:322:14:322:62 | getName(...) | LDAP query might include code from $@. | LdapInjection.java:320:57:320:94 | aBadDNObjToString | this user input | -| LdapInjection.java:322:65:322:84 | ... + ... | LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:320:30:320:54 | aBad | this user input | -| LdapInjection.java:330:14:330:14 | s | LdapInjection.java:326:30:326:67 | aBadSearchRequest : String | LdapInjection.java:330:14:330:14 | s | LDAP query might include code from $@. | LdapInjection.java:326:30:326:67 | aBadSearchRequest | this user input | -| LdapInjection.java:338:14:338:14 | s | LdapInjection.java:334:74:334:103 | aBadDNObj : String | LdapInjection.java:338:14:338:14 | s | LDAP query might include code from $@. | LdapInjection.java:334:74:334:103 | aBadDNObj | this user input | -| LdapInjection.java:346:14:346:24 | getBase(...) | LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet : String | LdapInjection.java:346:14:346:24 | getBase(...) | LDAP query might include code from $@. | LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet | this user input | +| LdapInjection.java:47:16:47:35 | ... + ... | LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:45:55:45:81 | jBadDN | user-provided value | +| LdapInjection.java:47:38:47:57 | ... + ... | LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:45:28:45:52 | jBad | user-provided value | +| LdapInjection.java:53:16:53:53 | new LdapName(...) | LdapInjection.java:51:55:51:85 | jBadDNName : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | This LDAP query depends on a $@. | LdapInjection.java:51:55:51:85 | jBadDNName | user-provided value | +| LdapInjection.java:53:56:53:75 | ... + ... | LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:51:28:51:52 | jBad | user-provided value | +| LdapInjection.java:59:63:59:82 | ... + ... | LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:57:28:57:52 | jBad | user-provided value | +| LdapInjection.java:65:29:65:55 | ... + ... | LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:63:28:63:59 | jBadInitial | user-provided value | +| LdapInjection.java:71:16:71:81 | addAll(...) | LdapInjection.java:69:55:69:88 | jBadDNNameAdd : String | LdapInjection.java:71:16:71:81 | addAll(...) | This LDAP query depends on a $@. | LdapInjection.java:69:55:69:88 | jBadDNNameAdd | user-provided value | +| LdapInjection.java:71:84:71:103 | ... + ... | LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:69:28:69:52 | jBad | user-provided value | +| LdapInjection.java:79:16:79:44 | addAll(...) | LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 : String | LdapInjection.java:79:16:79:44 | addAll(...) | This LDAP query depends on a $@. | LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 | user-provided value | +| LdapInjection.java:79:47:79:66 | ... + ... | LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:75:28:75:52 | jBad | user-provided value | +| LdapInjection.java:85:16:85:72 | toString(...) | LdapInjection.java:83:55:83:93 | jBadDNNameToString : String | LdapInjection.java:85:16:85:72 | toString(...) | This LDAP query depends on a $@. | LdapInjection.java:83:55:83:93 | jBadDNNameToString | user-provided value | +| LdapInjection.java:85:75:85:94 | ... + ... | LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:83:28:83:52 | jBad | user-provided value | +| LdapInjection.java:91:16:91:73 | (...)... | LdapInjection.java:89:55:89:90 | jBadDNNameClone : String | LdapInjection.java:91:16:91:73 | (...)... | This LDAP query depends on a $@. | LdapInjection.java:89:55:89:90 | jBadDNNameClone | user-provided value | +| LdapInjection.java:91:76:91:95 | ... + ... | LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:89:28:89:52 | jBad | user-provided value | +| LdapInjection.java:108:20:108:39 | ... + ... | LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:106:58:106:84 | uBadDN | user-provided value | +| LdapInjection.java:108:67:108:86 | ... + ... | LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:106:31:106:55 | uBad | user-provided value | +| LdapInjection.java:113:58:113:88 | create(...) | LdapInjection.java:112:31:112:67 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | This LDAP query depends on a $@. | LdapInjection.java:112:31:112:67 | uBadFilterCreate | user-provided value | +| LdapInjection.java:121:14:121:14 | s | LdapInjection.java:117:31:117:70 | uBadROSearchRequest : String | LdapInjection.java:121:14:121:14 | s | This LDAP query depends on a $@. | LdapInjection.java:117:31:117:70 | uBadROSearchRequest | user-provided value | +| LdapInjection.java:121:14:121:14 | s | LdapInjection.java:117:73:117:103 | uBadROSRDN : String | LdapInjection.java:121:14:121:14 | s | This LDAP query depends on a $@. | LdapInjection.java:117:73:117:103 | uBadROSRDN | user-provided value | +| LdapInjection.java:129:14:129:14 | s | LdapInjection.java:125:31:125:68 | uBadSearchRequest : String | LdapInjection.java:129:14:129:14 | s | This LDAP query depends on a $@. | LdapInjection.java:125:31:125:68 | uBadSearchRequest | user-provided value | +| LdapInjection.java:129:14:129:14 | s | LdapInjection.java:125:71:125:99 | uBadSRDN : String | LdapInjection.java:129:14:129:14 | s | This LDAP query depends on a $@. | LdapInjection.java:125:71:125:99 | uBadSRDN | user-provided value | +| LdapInjection.java:135:22:135:44 | ... + ... | LdapInjection.java:133:58:133:87 | uBadDNSFR : String | LdapInjection.java:135:22:135:44 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:133:58:133:87 | uBadDNSFR | user-provided value | +| LdapInjection.java:135:69:135:88 | ... + ... | LdapInjection.java:133:31:133:55 | uBad : String | LdapInjection.java:135:69:135:88 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:133:31:133:55 | uBad | user-provided value | +| LdapInjection.java:143:19:143:19 | s | LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync : String | LdapInjection.java:143:19:143:19 | s | This LDAP query depends on a $@. | LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync | user-provided value | +| LdapInjection.java:143:19:143:19 | s | LdapInjection.java:139:78:139:113 | uBadROSRDNAsync : String | LdapInjection.java:143:19:143:19 | s | This LDAP query depends on a $@. | LdapInjection.java:139:78:139:113 | uBadROSRDNAsync | user-provided value | +| LdapInjection.java:151:19:151:19 | s | LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync : String | LdapInjection.java:151:19:151:19 | s | This LDAP query depends on a $@. | LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync | user-provided value | +| LdapInjection.java:151:19:151:19 | s | LdapInjection.java:147:76:147:109 | uBadSRDNAsync : String | LdapInjection.java:151:19:151:19 | s | This LDAP query depends on a $@. | LdapInjection.java:147:76:147:109 | uBadSRDNAsync | user-provided value | +| LdapInjection.java:156:58:156:115 | createNOTFilter(...) | LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT : String | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | This LDAP query depends on a $@. | LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT | user-provided value | +| LdapInjection.java:161:58:161:107 | toString(...) | LdapInjection.java:160:31:160:75 | uBadFilterCreateToString : String | LdapInjection.java:161:58:161:107 | toString(...) | This LDAP query depends on a $@. | LdapInjection.java:160:31:160:75 | uBadFilterCreateToString | user-provided value | +| LdapInjection.java:168:58:168:69 | toString(...) | LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:168:58:168:69 | toString(...) | This LDAP query depends on a $@. | LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer | user-provided value | +| LdapInjection.java:176:14:176:26 | duplicate(...) | LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:176:14:176:26 | duplicate(...) | This LDAP query depends on a $@. | LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate | user-provided value | +| LdapInjection.java:184:14:184:26 | duplicate(...) | LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:184:14:184:26 | duplicate(...) | This LDAP query depends on a $@. | LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate | user-provided value | +| LdapInjection.java:192:14:192:14 | s | LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN : String | LdapInjection.java:192:14:192:14 | s | This LDAP query depends on a $@. | LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN | user-provided value | +| LdapInjection.java:200:14:200:14 | s | LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:200:14:200:14 | s | This LDAP query depends on a $@. | LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter | user-provided value | +| LdapInjection.java:230:14:230:33 | ... + ... | LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:229:57:229:83 | sBadDN | user-provided value | +| LdapInjection.java:230:36:230:55 | ... + ... | LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:229:30:229:54 | sBad | user-provided value | +| LdapInjection.java:235:20:235:85 | build(...) | LdapInjection.java:234:57:234:92 | sBadDNLNBuilder : String | LdapInjection.java:235:20:235:85 | build(...) | This LDAP query depends on a $@. | LdapInjection.java:234:57:234:92 | sBadDNLNBuilder | user-provided value | +| LdapInjection.java:235:88:235:107 | ... + ... | LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:234:30:234:54 | sBad | user-provided value | +| LdapInjection.java:240:23:240:97 | build(...) | LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:240:23:240:97 | build(...) | This LDAP query depends on a $@. | LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd | user-provided value | +| LdapInjection.java:240:100:240:119 | ... + ... | LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:239:30:239:54 | sBad | user-provided value | +| LdapInjection.java:245:15:245:76 | filter(...) | LdapInjection.java:244:30:244:63 | sBadLdapQuery : String | LdapInjection.java:245:15:245:76 | filter(...) | This LDAP query depends on a $@. | LdapInjection.java:244:30:244:63 | sBadLdapQuery | user-provided value | +| LdapInjection.java:250:12:250:63 | newLdapName(...) | LdapInjection.java:249:63:249:98 | sBadDNLdapUtils : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | This LDAP query depends on a $@. | LdapInjection.java:249:63:249:98 | sBadDNLdapUtils | user-provided value | +| LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | LdapInjection.java:249:30:249:60 | sBadFilter : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | This LDAP query depends on a $@. | LdapInjection.java:249:30:249:60 | sBadFilter | user-provided value | +| LdapInjection.java:255:24:255:85 | filter(...) | LdapInjection.java:254:30:254:63 | sBadLdapQuery : String | LdapInjection.java:255:24:255:85 | filter(...) | This LDAP query depends on a $@. | LdapInjection.java:254:30:254:63 | sBadLdapQuery | user-provided value | +| LdapInjection.java:261:24:261:24 | q | LdapInjection.java:259:30:259:64 | sBadLdapQuery2 : String | LdapInjection.java:261:24:261:24 | q | This LDAP query depends on a $@. | LdapInjection.java:259:30:259:64 | sBadLdapQuery2 | user-provided value | +| LdapInjection.java:266:24:266:116 | filter(...) | LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:266:24:266:116 | filter(...) | This LDAP query depends on a $@. | LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter | user-provided value | +| LdapInjection.java:272:24:272:57 | filter(...) | LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:272:24:272:57 | filter(...) | This LDAP query depends on a $@. | LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 | user-provided value | +| LdapInjection.java:277:12:277:66 | base(...) | LdapInjection.java:276:31:276:68 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:66 | base(...) | This LDAP query depends on a $@. | LdapInjection.java:276:31:276:68 | sBadLdapQueryBase | user-provided value | +| LdapInjection.java:282:24:282:98 | is(...) | LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:98 | is(...) | This LDAP query depends on a $@. | LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex | user-provided value | +| LdapInjection.java:287:18:287:83 | toString(...) | LdapInjection.java:286:31:286:69 | sBadFilterToString : String | LdapInjection.java:287:18:287:83 | toString(...) | This LDAP query depends on a $@. | LdapInjection.java:286:31:286:69 | sBadFilterToString | user-provided value | +| LdapInjection.java:294:18:294:29 | toString(...) | LdapInjection.java:291:31:291:67 | sBadFilterEncode : String | LdapInjection.java:294:18:294:29 | toString(...) | This LDAP query depends on a $@. | LdapInjection.java:291:31:291:67 | sBadFilterEncode | user-provided value | +| LdapInjection.java:316:14:316:33 | ... + ... | LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:314:57:314:83 | aBadDN | user-provided value | +| LdapInjection.java:316:36:316:55 | ... + ... | LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:314:30:314:54 | aBad | user-provided value | +| LdapInjection.java:322:14:322:62 | getName(...) | LdapInjection.java:320:57:320:94 | aBadDNObjToString : String | LdapInjection.java:322:14:322:62 | getName(...) | This LDAP query depends on a $@. | LdapInjection.java:320:57:320:94 | aBadDNObjToString | user-provided value | +| LdapInjection.java:322:65:322:84 | ... + ... | LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | This LDAP query depends on a $@. | LdapInjection.java:320:30:320:54 | aBad | user-provided value | +| LdapInjection.java:330:14:330:14 | s | LdapInjection.java:326:30:326:67 | aBadSearchRequest : String | LdapInjection.java:330:14:330:14 | s | This LDAP query depends on a $@. | LdapInjection.java:326:30:326:67 | aBadSearchRequest | user-provided value | +| LdapInjection.java:338:14:338:14 | s | LdapInjection.java:334:74:334:103 | aBadDNObj : String | LdapInjection.java:338:14:338:14 | s | This LDAP query depends on a $@. | LdapInjection.java:334:74:334:103 | aBadDNObj | user-provided value | +| LdapInjection.java:346:14:346:24 | getBase(...) | LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet : String | LdapInjection.java:346:14:346:24 | getBase(...) | This LDAP query depends on a $@. | LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected index 87cfbf16ef4..5388b0df98c 100644 --- a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected +++ b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected @@ -5,4 +5,4 @@ nodes | InsecureBeanValidation.java:11:64:11:68 | value | semmle.label | value | subpaths #select -| InsecureBeanValidation.java:11:64:11:68 | value | InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | Custom constraint error message contains unsanitized user data | +| InsecureBeanValidation.java:11:64:11:68 | value | InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | Custom constraint error message contains an unsanitized $@. | InsecureBeanValidation.java:7:28:7:40 | object : String | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected index 011d9035f26..34a84f252e1 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected @@ -14,7 +14,7 @@ nodes | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | semmle.label | replaceFirst(...) | subpaths #select -| ResponseSplitting.java:23:23:23:28 | cookie | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:23:23:23:28 | cookie | Response-splitting vulnerability due to this $@. | ResponseSplitting.java:22:39:22:66 | getParameter(...) | user-provided value | -| ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | Response-splitting vulnerability due to this $@. | ResponseSplitting.java:28:38:28:72 | getParameter(...) | user-provided value | -| ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | Response-splitting vulnerability due to this $@. | ResponseSplitting.java:29:38:29:72 | getParameter(...) | user-provided value | -| ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | Response-splitting vulnerability due to this $@. | ResponseSplitting.java:53:14:53:48 | getParameter(...) | user-provided value | +| ResponseSplitting.java:23:23:23:28 | cookie | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:23:23:23:28 | cookie | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:22:39:22:66 | getParameter(...) | user-provided value | +| ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:28:38:28:72 | getParameter(...) | user-provided value | +| ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:29:38:29:72 | getParameter(...) | user-provided value | +| ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:53:14:53:48 | getParameter(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.expected b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.expected index a124f5731a3..cd4530b3002 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.expected +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.expected @@ -5,4 +5,4 @@ nodes | Test.java:107:27:107:30 | size | semmle.label | size | subpaths #select -| Test.java:110:30:110:30 | 0 | Test.java:105:16:105:16 | 0 : Number | Test.java:107:27:107:30 | size | The $@ is accessed here, but the array is initialized using $@ which may be zero. | Test.java:107:19:107:31 | new int[] | array | Test.java:105:16:105:16 | 0 | literal value 0 | +| Test.java:110:30:110:30 | 0 | Test.java:105:16:105:16 | 0 : Number | Test.java:107:27:107:30 | size | This accesses the $@, but the array is initialized using $@ which may be zero. | Test.java:107:19:107:31 | new int[] | array | Test.java:105:16:105:16 | 0 | literal value 0 | diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected index 4ba2d5e8549..abfb68f74a5 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected @@ -11,5 +11,5 @@ nodes | Test.java:86:34:86:37 | size | semmle.label | size | subpaths #select -| Test.java:83:34:83:34 | 0 | Test.java:76:27:76:60 | getProperty(...) : String | Test.java:80:31:80:34 | size | The $@ is accessed here, but the array is initialized using $@ which may be zero. | Test.java:80:23:80:35 | new int[] | array | Test.java:76:27:76:60 | getProperty(...) | User-provided value | -| Test.java:89:37:89:37 | 0 | Test.java:76:27:76:60 | getProperty(...) : String | Test.java:86:34:86:37 | size | The $@ is accessed here, but the array is initialized using $@ which may be zero. | Test.java:86:26:86:38 | new int[] | array | Test.java:76:27:76:60 | getProperty(...) | User-provided value | +| Test.java:83:34:83:34 | 0 | Test.java:76:27:76:60 | getProperty(...) : String | Test.java:80:31:80:34 | size | This accesses the $@, but the array is initialized using a $@ which may be zero. | Test.java:80:23:80:35 | new int[] | array | Test.java:76:27:76:60 | getProperty(...) | user-provided value | +| Test.java:89:37:89:37 | 0 | Test.java:76:27:76:60 | getProperty(...) : String | Test.java:86:34:86:37 | size | This accesses the $@, but the array is initialized using a $@ which may be zero. | Test.java:86:26:86:38 | new int[] | array | Test.java:76:27:76:60 | getProperty(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected index e23a7c4239e..6e0738c8576 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected @@ -9,4 +9,4 @@ nodes | Test.java:19:34:19:38 | index | semmle.label | index | subpaths #select -| Test.java:19:34:19:38 | index | Test.java:14:27:14:60 | getProperty(...) : String | Test.java:19:34:19:38 | index | $@ flows to here and is used as an index causing an ArrayIndexOutOfBoundsException. | Test.java:14:27:14:60 | getProperty(...) | User-provided value | +| Test.java:19:34:19:38 | index | Test.java:14:27:14:60 | getProperty(...) : String | Test.java:19:34:19:38 | index | This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException. | Test.java:14:27:14:60 | getProperty(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected index 3bfd4609e98..5be16020175 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected @@ -9,4 +9,4 @@ nodes | Test.java:39:25:39:30 | format | semmle.label | format | subpaths #select -| Test.java:39:25:39:30 | format | Test.java:33:30:33:74 | getParameter(...) : String | Test.java:39:25:39:30 | format | $@ flows to here and is used in a format string. | Test.java:33:30:33:74 | getParameter(...) | User-provided value | +| Test.java:39:25:39:30 | format | Test.java:33:30:33:74 | getParameter(...) : String | Test.java:39:25:39:30 | format | Format string depends on a $@. | Test.java:33:30:33:74 | getParameter(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected index b5426ced220..99e197a2e73 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected @@ -13,8 +13,8 @@ nodes | Test.java:27:44:27:55 | userProperty | semmle.label | userProperty | subpaths #select -| Test.java:19:19:19:30 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | $@ flows to here and is used in a format string. | Test.java:17:27:17:60 | getProperty(...) | User-provided value | -| Test.java:21:23:21:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | $@ flows to here and is used in a format string. | Test.java:17:27:17:60 | getProperty(...) | User-provided value | -| Test.java:23:23:23:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | $@ flows to here and is used in a format string. | Test.java:17:27:17:60 | getProperty(...) | User-provided value | -| Test.java:25:28:25:39 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | $@ flows to here and is used in a format string. | Test.java:17:27:17:60 | getProperty(...) | User-provided value | -| Test.java:27:44:27:55 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | $@ flows to here and is used in a format string. | Test.java:17:27:17:60 | getProperty(...) | User-provided value | +| Test.java:19:19:19:30 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value | +| Test.java:21:23:21:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value | +| Test.java:23:23:23:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value | +| Test.java:25:28:25:39 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value | +| Test.java:27:44:27:55 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected index e2b12ae730e..4d37fd48f49 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected @@ -88,12 +88,12 @@ subpaths | ArithmeticTainted.java:64:20:64:23 | data : Number | Holder.java:12:22:12:26 | d : Number | Holder.java:13:3:13:5 | this <.field> [post update] [dat] : Number | ArithmeticTainted.java:64:4:64:10 | tainted [post update] [dat] : Number | | ArithmeticTainted.java:66:18:66:24 | tainted [dat] : Number | Holder.java:16:13:16:19 | parameter this [dat] : Number | Holder.java:17:10:17:12 | dat : Number | ArithmeticTainted.java:66:18:66:34 | getData(...) : Number | #select -| ArithmeticTainted.java:32:17:32:25 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:32:17:32:20 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:40:17:40:25 | ... - ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:40:17:40:20 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:50:17:50:24 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:50:17:50:20 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:71:17:71:27 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:71:17:71:23 | herring | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:95:37:95:46 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:95:37:95:40 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:127:3:127:8 | ...++ | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:127:3:127:6 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:131:3:131:8 | ++... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:131:5:131:8 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:135:3:135:8 | ...-- | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:135:3:135:6 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | -| ArithmeticTainted.java:139:3:139:8 | --... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:139:5:139:8 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | User-provided value | +| ArithmeticTainted.java:32:17:32:25 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:32:17:32:20 | data | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:40:17:40:25 | ... - ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:40:17:40:20 | data | This arithmetic expression depends on a $@, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:50:17:50:24 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:50:17:50:20 | data | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:71:17:71:27 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:71:17:71:23 | herring | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:95:37:95:46 | ... + ... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:95:37:95:40 | data | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:127:3:127:8 | ...++ | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:127:3:127:6 | data | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:131:3:131:8 | ++... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:131:5:131:8 | data | This arithmetic expression depends on a $@, potentially causing an overflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:135:3:135:8 | ...-- | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:135:3:135:6 | data | This arithmetic expression depends on a $@, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | +| ArithmeticTainted.java:139:3:139:8 | --... | ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:139:5:139:8 | data | This arithmetic expression depends on a $@, potentially causing an underflow. | ArithmeticTainted.java:17:46:17:54 | System.in | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.expected b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.expected index 07f29d1e2f9..43256841646 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.expected +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.expected @@ -12,7 +12,7 @@ nodes | Test.java:280:37:280:41 | data2 | semmle.label | data2 | subpaths #select -| Test.java:210:17:210:24 | ... + ... | Test.java:206:14:206:57 | nextInt(...) : Number | Test.java:210:17:210:20 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | Test.java:206:14:206:57 | nextInt(...) | Uncontrolled value | -| Test.java:241:37:241:46 | ... + ... | Test.java:206:14:206:57 | nextInt(...) : Number | Test.java:241:37:241:40 | data | $@ flows to here and is used in arithmetic, potentially causing an overflow. | Test.java:206:14:206:57 | nextInt(...) | Uncontrolled value | -| Test.java:249:17:249:25 | ... + ... | Test.java:245:15:245:35 | nextInt(...) : Number | Test.java:249:17:249:21 | data2 | $@ flows to here and is used in arithmetic, potentially causing an overflow. | Test.java:245:15:245:35 | nextInt(...) | Uncontrolled value | -| Test.java:280:37:280:47 | ... + ... | Test.java:245:15:245:35 | nextInt(...) : Number | Test.java:280:37:280:41 | data2 | $@ flows to here and is used in arithmetic, potentially causing an overflow. | Test.java:245:15:245:35 | nextInt(...) | Uncontrolled value | +| Test.java:210:17:210:24 | ... + ... | Test.java:206:14:206:57 | nextInt(...) : Number | Test.java:210:17:210:20 | data | This arithmetic expression depends on an $@, potentially causing an overflow. | Test.java:206:14:206:57 | nextInt(...) | uncontrolled value | +| Test.java:241:37:241:46 | ... + ... | Test.java:206:14:206:57 | nextInt(...) : Number | Test.java:241:37:241:40 | data | This arithmetic expression depends on an $@, potentially causing an overflow. | Test.java:206:14:206:57 | nextInt(...) | uncontrolled value | +| Test.java:249:17:249:25 | ... + ... | Test.java:245:15:245:35 | nextInt(...) : Number | Test.java:249:17:249:21 | data2 | This arithmetic expression depends on an $@, potentially causing an overflow. | Test.java:245:15:245:35 | nextInt(...) | uncontrolled value | +| Test.java:280:37:280:47 | ... + ... | Test.java:245:15:245:35 | nextInt(...) : Number | Test.java:280:37:280:41 | data2 | This arithmetic expression depends on an $@, potentially causing an overflow. | Test.java:245:15:245:35 | nextInt(...) | uncontrolled value | diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected index 13a14d69756..86e91b2003b 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected @@ -17,8 +17,8 @@ nodes | UnsafeHostnameVerification.java:97:72:102:5 | new (...) : new HostnameVerifier(...) { ... } | semmle.label | new (...) : new HostnameVerifier(...) { ... } | subpaths #select -| UnsafeHostnameVerification.java:14:55:19:9 | new (...) | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | $@ that is defined $@ and accepts any certificate as valid, is used here. | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | This hostname verifier | UnsafeHostnameVerification.java:14:59:14:74 | new HostnameVerifier(...) { ... } | here | -| UnsafeHostnameVerification.java:26:55:26:71 | ...->... | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | $@ that is defined $@ and accepts any certificate as valid, is used here. | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | This hostname verifier | UnsafeHostnameVerification.java:26:55:26:71 | new HostnameVerifier(...) { ... } | here | -| UnsafeHostnameVerification.java:47:55:47:71 | ...->... | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | $@ that is defined $@ and accepts any certificate as valid, is used here. | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | This hostname verifier | UnsafeHostnameVerification.java:47:55:47:71 | new HostnameVerifier(...) { ... } | here | -| UnsafeHostnameVerification.java:81:55:81:62 | verifier | UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | $@ that is defined $@ and accepts any certificate as valid, is used here. | UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | This hostname verifier | UnsafeHostnameVerification.java:66:41:66:56 | new HostnameVerifier(...) { ... } | here | -| UnsafeHostnameVerification.java:94:55:94:62 | verifier | UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | $@ that is defined $@ and accepts any certificate as valid, is used here. | UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | This hostname verifier | UnsafeHostnameVerification.java:88:41:88:56 | new HostnameVerifier(...) { ... } | here | +| UnsafeHostnameVerification.java:14:55:19:9 | new (...) | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | The $@ defined by $@ always accepts any certificate, even if the hostname does not match. | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | hostname verifier | UnsafeHostnameVerification.java:14:59:14:74 | new HostnameVerifier(...) { ... } | this type | +| UnsafeHostnameVerification.java:26:55:26:71 | ...->... | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | The $@ defined by $@ always accepts any certificate, even if the hostname does not match. | UnsafeHostnameVerification.java:26:55:26:71 | ...->... | hostname verifier | UnsafeHostnameVerification.java:26:55:26:71 | new HostnameVerifier(...) { ... } | this type | +| UnsafeHostnameVerification.java:47:55:47:71 | ...->... | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | The $@ defined by $@ always accepts any certificate, even if the hostname does not match. | UnsafeHostnameVerification.java:47:55:47:71 | ...->... | hostname verifier | UnsafeHostnameVerification.java:47:55:47:71 | new HostnameVerifier(...) { ... } | this type | +| UnsafeHostnameVerification.java:81:55:81:62 | verifier | UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | The $@ defined by $@ always accepts any certificate, even if the hostname does not match. | UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | hostname verifier | UnsafeHostnameVerification.java:66:41:66:56 | new HostnameVerifier(...) { ... } | this type | +| UnsafeHostnameVerification.java:94:55:94:62 | verifier | UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | The $@ defined by $@ always accepts any certificate, even if the hostname does not match. | UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | hostname verifier | UnsafeHostnameVerification.java:88:41:88:56 | new HostnameVerifier(...) { ... } | this type | diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java index c893e0b8eef..8343f50ace1 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java @@ -46,7 +46,7 @@ public class UnsafeHostnameVerification { private void functionThatActuallyDisablesVerification() { HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // GOOD [but detected as BAD], because we only // check guards inside a function - // and not accross function calls. This is considerer GOOD because the call to + // and not across function calls. This is considerer GOOD because the call to // `functionThatActuallyDisablesVerification` is guarded by a feature flag in // `testGuardedByFlagAccrossCalls`. // Although this is not ideal as another function could directly call diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected index a6a8886c4b3..09ebc2d8b48 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected @@ -19,7 +19,7 @@ nodes | HttpsUrlsTest.java:92:50:92:50 | u | semmle.label | u | subpaths #select -| HttpsUrlsTest.java:28:50:28:50 | u | HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:28:50:28:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:23:23:23:31 | "http://" | this source | -| HttpsUrlsTest.java:41:50:41:50 | u | HttpsUrlsTest.java:36:23:36:28 | "http" : String | HttpsUrlsTest.java:41:50:41:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:36:23:36:28 | "http" | this source | -| HttpsUrlsTest.java:55:50:55:50 | u | HttpsUrlsTest.java:49:23:49:31 | "http://" : String | HttpsUrlsTest.java:55:50:55:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:49:23:49:31 | "http://" | this source | -| HttpsUrlsTest.java:92:50:92:50 | u | HttpsUrlsTest.java:87:23:87:28 | "http" : String | HttpsUrlsTest.java:92:50:92:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:87:23:87:28 | "http" | this source | +| HttpsUrlsTest.java:28:50:28:50 | u | HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:28:50:28:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:23:23:23:31 | "http://" | this HTTP URL | +| HttpsUrlsTest.java:41:50:41:50 | u | HttpsUrlsTest.java:36:23:36:28 | "http" : String | HttpsUrlsTest.java:41:50:41:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:36:23:36:28 | "http" | this HTTP URL | +| HttpsUrlsTest.java:55:50:55:50 | u | HttpsUrlsTest.java:49:23:49:31 | "http://" : String | HttpsUrlsTest.java:55:50:55:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:49:23:49:31 | "http://" | this HTTP URL | +| HttpsUrlsTest.java:92:50:92:50 | u | HttpsUrlsTest.java:87:23:87:28 | "http" : String | HttpsUrlsTest.java:92:50:92:50 | u | URL may have been constructed with HTTP protocol, using $@. | HttpsUrlsTest.java:87:23:87:28 | "http" | this HTTP URL | diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected index d11a467a2e6..f6882038540 100644 --- a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected @@ -1,4 +1,4 @@ -| Test.java:13:4:13:10 | act(...) | The state of $@ is checked $@, and then it is used here. But these are not jointly synchronized. | Test.java:10:32:10:41 | r | r | Test.java:12:7:12:18 | getState(...) | here | -| Test.java:20:4:20:10 | act(...) | The state of $@ is checked $@, and then it is used here. But these are not jointly synchronized. | Test.java:17:32:17:42 | r | r | Test.java:19:7:19:18 | getState(...) | here | -| Test.java:27:4:27:10 | act(...) | The state of $@ is checked $@, and then it is used here. But these are not jointly synchronized. | Test.java:24:19:24:28 | r | r | Test.java:26:7:26:18 | getState(...) | here | -| Test.java:35:5:35:11 | act(...) | The state of $@ is checked $@, and then it is used here. But these are not jointly synchronized. | Test.java:31:19:31:28 | r | r | Test.java:34:8:34:19 | getState(...) | here | +| Test.java:13:4:13:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:10:32:10:41 | r | r | Test.java:12:7:12:18 | getState(...) | is checked at a previous call | +| Test.java:20:4:20:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:17:32:17:42 | r | r | Test.java:19:7:19:18 | getState(...) | is checked at a previous call | +| Test.java:27:4:27:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:24:19:24:28 | r | r | Test.java:26:7:26:18 | getState(...) | is checked at a previous call | +| Test.java:35:5:35:11 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:31:19:31:28 | r | r | Test.java:34:8:34:19 | getState(...) | is checked at a previous call | diff --git a/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml new file mode 100644 index 00000000000..ba8b4c25f1a --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-441/Test.java b/java/ql/test/query-tests/security/CWE-441/Test.java new file mode 100644 index 00000000000..0bda0933115 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/Test.java @@ -0,0 +1,115 @@ +package test; + +import android.content.ContentResolver; +import android.net.Uri; +import android.app.Activity; + +public class Test extends Activity { + private void validateWithEquals(Uri uri) { + if (!uri.equals(Uri.parse("content://safe/uri"))) + throw new SecurityException(); + } + + private void validateWithAllowList(Uri uri) throws SecurityException { + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (!normalized.startsWith("/safe/path")) + throw new SecurityException(); + } + + private void validateWithBlockList(Uri uri) throws SecurityException { + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + } + + public void onCreate() { + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + contentResolver.openInputStream(uri); // $ hasTaintFlow + contentResolver.openOutputStream(uri); // $ hasTaintFlow + contentResolver.openAssetFile(uri, null, null); // $ hasTaintFlow + contentResolver.openAssetFileDescriptor(uri, null); // $ hasTaintFlow + contentResolver.openFile(uri, null, null); // $ hasTaintFlow + contentResolver.openFileDescriptor(uri, null); // $ hasTaintFlow + contentResolver.openTypedAssetFile(uri, null, null, null); // $ hasTaintFlow + contentResolver.openTypedAssetFileDescriptor(uri, null, null); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + // Equals checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + if (!uri.equals(Uri.parse("content://safe/uri"))) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithEquals(uri); + contentResolver.openInputStream(uri); // Safe + } + // Allow list checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (!path.startsWith("/safe/path")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (!normalized.startsWith("/safe/path")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithAllowList(uri); + contentResolver.openInputStream(uri); // Safe + } + // Block list checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithBlockList(uri); + contentResolver.openInputStream(uri); // Safe + } + } +} diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql new file mode 100644 index 00000000000..b087c0c1010 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql @@ -0,0 +1,11 @@ +import java +import TestUtilities.InlineFlowTest +import semmle.code.java.security.UnsafeContentUriResolutionQuery + +class Test extends InlineFlowTest { + override DataFlow::Configuration getValueFlowConfig() { none() } + + override TaintTracking::Configuration getTaintFlowConfig() { + result instanceof UnsafeContentResolutionConf + } +} diff --git a/java/ql/test/query-tests/security/CWE-441/options b/java/ql/test/query-tests/security/CWE-441/options new file mode 100644 index 00000000000..dacd3cb21df --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0 diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected index 25824c79394..6fa4d4a50c6 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected @@ -18,8 +18,8 @@ nodes subpaths | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | #select -| UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | Potentially untrusted URL redirection due to $@. | UrlRedirect.java:23:25:23:54 | getParameter(...) | user-provided value | -| UrlRedirect.java:32:25:32:67 | weakCleanup(...) | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | Potentially untrusted URL redirection due to $@. | UrlRedirect.java:32:37:32:66 | getParameter(...) | user-provided value | -| UrlRedirect.java:36:25:36:89 | ... + ... | UrlRedirect.java:36:58:36:89 | getParameter(...) : String | UrlRedirect.java:36:25:36:89 | ... + ... | Potentially untrusted URL redirection due to $@. | UrlRedirect.java:36:58:36:89 | getParameter(...) | user-provided value | -| UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | Potentially untrusted URL redirection due to $@. | UrlRedirect.java:39:34:39:63 | getParameter(...) | user-provided value | -| UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | Potentially untrusted URL redirection due to $@. | UrlRedirect.java:42:43:42:72 | getParameter(...) | user-provided value | +| UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:23:25:23:54 | getParameter(...) | user-provided value | +| UrlRedirect.java:32:25:32:67 | weakCleanup(...) | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:32:37:32:66 | getParameter(...) | user-provided value | +| UrlRedirect.java:36:25:36:89 | ... + ... | UrlRedirect.java:36:58:36:89 | getParameter(...) : String | UrlRedirect.java:36:25:36:89 | ... + ... | Untrusted URL redirection depends on a $@. | UrlRedirect.java:36:58:36:89 | getParameter(...) | user-provided value | +| UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:39:34:39:63 | getParameter(...) | user-provided value | +| UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:42:43:42:72 | getParameter(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.expected b/java/ql/test/query-tests/security/CWE-611/XXE.expected index 993a6012273..6304e3582a2 100644 --- a/java/ql/test/query-tests/security/CWE-611/XXE.expected +++ b/java/ql/test/query-tests/security/CWE-611/XXE.expected @@ -251,101 +251,101 @@ nodes | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | semmle.label | getInputStream(...) | subpaths #select -| DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | -| SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | user-provided value | -| SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | user-provided value | -| SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:13:18:13:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:30:18:30:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:38:18:38:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:46:18:46:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:55:18:55:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:64:18:64:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXParserTests.java:73:18:73:38 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | user-provided value | -| SAXSourceTests.java:20:18:20:23 | source | SAXSourceTests.java:17:62:17:82 | getInputStream(...) : InputStream | SAXSourceTests.java:20:18:20:23 | source | A $@ is parsed as XML without guarding against external entity expansion. | SAXSourceTests.java:17:62:17:82 | getInputStream(...) | user-provided value | -| SchemaTests.java:12:39:12:77 | new StreamSource(...) | SchemaTests.java:12:56:12:76 | getInputStream(...) : InputStream | SchemaTests.java:12:39:12:77 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | SchemaTests.java:12:56:12:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:25:39:25:77 | new StreamSource(...) | SchemaTests.java:25:56:25:76 | getInputStream(...) : InputStream | SchemaTests.java:25:39:25:77 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | SchemaTests.java:25:56:25:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:31:39:31:77 | new StreamSource(...) | SchemaTests.java:31:56:31:76 | getInputStream(...) : InputStream | SchemaTests.java:31:39:31:77 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | SchemaTests.java:31:56:31:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:38:39:38:77 | new StreamSource(...) | SchemaTests.java:38:56:38:76 | getInputStream(...) : InputStream | SchemaTests.java:38:39:38:77 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | SchemaTests.java:38:56:38:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:45:39:45:77 | new StreamSource(...) | SchemaTests.java:45:56:45:76 | getInputStream(...) : InputStream | SchemaTests.java:45:39:45:77 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | SchemaTests.java:45:56:45:76 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:31:41:31:53 | new String(...) | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:31:41:31:53 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:38:41:38:53 | new String(...) | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:38:41:38:53 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:90:37:90:49 | new String(...) | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:90:37:90:49 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:97:37:97:49 | new String(...) | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:97:37:97:49 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:104:26:104:38 | new String(...) | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:104:26:104:38 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:111:26:111:38 | new String(...) | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:111:26:111:38 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:146:22:146:34 | new String(...) | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:146:22:146:34 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:153:22:153:34 | new String(...) | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:153:22:153:34 | new String(...) | A $@ is parsed as XML without guarding against external entity expansion. | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) | user-provided value | -| TransformerTests.java:20:27:20:65 | new StreamSource(...) | TransformerTests.java:20:44:20:64 | getInputStream(...) : InputStream | TransformerTests.java:20:27:20:65 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:20:44:20:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:21:23:21:61 | new StreamSource(...) | TransformerTests.java:21:40:21:60 | getInputStream(...) : InputStream | TransformerTests.java:21:23:21:61 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:21:40:21:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:71:27:71:65 | new StreamSource(...) | TransformerTests.java:71:44:71:64 | getInputStream(...) : InputStream | TransformerTests.java:71:27:71:65 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:71:44:71:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:72:23:72:61 | new StreamSource(...) | TransformerTests.java:72:40:72:60 | getInputStream(...) : InputStream | TransformerTests.java:72:23:72:61 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:72:40:72:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:79:27:79:65 | new StreamSource(...) | TransformerTests.java:79:44:79:64 | getInputStream(...) : InputStream | TransformerTests.java:79:27:79:65 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:79:44:79:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:80:23:80:61 | new StreamSource(...) | TransformerTests.java:80:40:80:60 | getInputStream(...) : InputStream | TransformerTests.java:80:23:80:61 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:80:40:80:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:88:27:88:65 | new StreamSource(...) | TransformerTests.java:88:44:88:64 | getInputStream(...) : InputStream | TransformerTests.java:88:27:88:65 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:88:44:88:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:89:23:89:61 | new StreamSource(...) | TransformerTests.java:89:40:89:60 | getInputStream(...) : InputStream | TransformerTests.java:89:23:89:61 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:89:40:89:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:97:27:97:65 | new StreamSource(...) | TransformerTests.java:97:44:97:64 | getInputStream(...) : InputStream | TransformerTests.java:97:27:97:65 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:97:44:97:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:98:23:98:61 | new StreamSource(...) | TransformerTests.java:98:40:98:60 | getInputStream(...) : InputStream | TransformerTests.java:98:23:98:61 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:98:40:98:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:103:21:103:59 | new StreamSource(...) | TransformerTests.java:103:38:103:58 | getInputStream(...) : InputStream | TransformerTests.java:103:21:103:59 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:103:38:103:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:116:21:116:59 | new StreamSource(...) | TransformerTests.java:116:38:116:58 | getInputStream(...) : InputStream | TransformerTests.java:116:21:116:59 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:116:38:116:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:122:21:122:59 | new StreamSource(...) | TransformerTests.java:122:38:122:58 | getInputStream(...) : InputStream | TransformerTests.java:122:21:122:59 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:122:38:122:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:129:21:129:59 | new StreamSource(...) | TransformerTests.java:129:38:129:58 | getInputStream(...) : InputStream | TransformerTests.java:129:21:129:59 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:129:38:129:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:136:21:136:59 | new StreamSource(...) | TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:136:38:136:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:141:18:141:70 | new SAXSource(...) | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:18:141:70 | new SAXSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | TransformerTests.java:141:48:141:68 | getInputStream(...) | user-provided value | -| UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:16:34:16:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:56:34:56:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:63:34:63:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:70:18:70:55 | new InputSource(...) | XMLReaderTests.java:70:34:70:54 | getInputStream(...) : InputStream | XMLReaderTests.java:70:18:70:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:70:34:70:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:78:18:78:55 | new InputSource(...) | XMLReaderTests.java:78:34:78:54 | getInputStream(...) : InputStream | XMLReaderTests.java:78:18:78:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:78:34:78:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:86:34:86:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:94:34:94:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XMLReaderTests.java:100:34:100:54 | getInputStream(...) | user-provided value | -| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | A $@ is parsed as XML without guarding against external entity expansion. | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | A $@ is parsed as XML without guarding against external entity expansion. | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | +| DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | +| SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | user-provided value | +| SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | user-provided value | +| SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:13:18:13:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:30:18:30:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:38:18:38:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:46:18:46:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:55:18:55:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:64:18:64:38 | getInputStream(...) | user-provided value | +| SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:73:18:73:38 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | user-provided value | +| SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | user-provided value | +| SAXSourceTests.java:20:18:20:23 | source | SAXSourceTests.java:17:62:17:82 | getInputStream(...) : InputStream | SAXSourceTests.java:20:18:20:23 | source | XML parsing depends on a $@ without guarding against external entity expansion. | SAXSourceTests.java:17:62:17:82 | getInputStream(...) | user-provided value | +| SchemaTests.java:12:39:12:77 | new StreamSource(...) | SchemaTests.java:12:56:12:76 | getInputStream(...) : InputStream | SchemaTests.java:12:39:12:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:12:56:12:76 | getInputStream(...) | user-provided value | +| SchemaTests.java:25:39:25:77 | new StreamSource(...) | SchemaTests.java:25:56:25:76 | getInputStream(...) : InputStream | SchemaTests.java:25:39:25:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:25:56:25:76 | getInputStream(...) | user-provided value | +| SchemaTests.java:31:39:31:77 | new StreamSource(...) | SchemaTests.java:31:56:31:76 | getInputStream(...) : InputStream | SchemaTests.java:31:39:31:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:31:56:31:76 | getInputStream(...) | user-provided value | +| SchemaTests.java:38:39:38:77 | new StreamSource(...) | SchemaTests.java:38:56:38:76 | getInputStream(...) : InputStream | SchemaTests.java:38:39:38:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:38:56:38:76 | getInputStream(...) | user-provided value | +| SchemaTests.java:45:39:45:77 | new StreamSource(...) | SchemaTests.java:45:56:45:76 | getInputStream(...) : InputStream | SchemaTests.java:45:39:45:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:45:56:45:76 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:31:41:31:53 | new String(...) | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:31:41:31:53 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:38:41:38:53 | new String(...) | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:38:41:38:53 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:90:37:90:49 | new String(...) | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:90:37:90:49 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:97:37:97:49 | new String(...) | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:97:37:97:49 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:104:26:104:38 | new String(...) | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:104:26:104:38 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:111:26:111:38 | new String(...) | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:111:26:111:38 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:146:22:146:34 | new String(...) | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:146:22:146:34 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) | user-provided value | +| SimpleXMLTests.java:153:22:153:34 | new String(...) | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:153:22:153:34 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) | user-provided value | +| TransformerTests.java:20:27:20:65 | new StreamSource(...) | TransformerTests.java:20:44:20:64 | getInputStream(...) : InputStream | TransformerTests.java:20:27:20:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:20:44:20:64 | getInputStream(...) | user-provided value | +| TransformerTests.java:21:23:21:61 | new StreamSource(...) | TransformerTests.java:21:40:21:60 | getInputStream(...) : InputStream | TransformerTests.java:21:23:21:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:21:40:21:60 | getInputStream(...) | user-provided value | +| TransformerTests.java:71:27:71:65 | new StreamSource(...) | TransformerTests.java:71:44:71:64 | getInputStream(...) : InputStream | TransformerTests.java:71:27:71:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:71:44:71:64 | getInputStream(...) | user-provided value | +| TransformerTests.java:72:23:72:61 | new StreamSource(...) | TransformerTests.java:72:40:72:60 | getInputStream(...) : InputStream | TransformerTests.java:72:23:72:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:72:40:72:60 | getInputStream(...) | user-provided value | +| TransformerTests.java:79:27:79:65 | new StreamSource(...) | TransformerTests.java:79:44:79:64 | getInputStream(...) : InputStream | TransformerTests.java:79:27:79:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:79:44:79:64 | getInputStream(...) | user-provided value | +| TransformerTests.java:80:23:80:61 | new StreamSource(...) | TransformerTests.java:80:40:80:60 | getInputStream(...) : InputStream | TransformerTests.java:80:23:80:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:80:40:80:60 | getInputStream(...) | user-provided value | +| TransformerTests.java:88:27:88:65 | new StreamSource(...) | TransformerTests.java:88:44:88:64 | getInputStream(...) : InputStream | TransformerTests.java:88:27:88:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:88:44:88:64 | getInputStream(...) | user-provided value | +| TransformerTests.java:89:23:89:61 | new StreamSource(...) | TransformerTests.java:89:40:89:60 | getInputStream(...) : InputStream | TransformerTests.java:89:23:89:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:89:40:89:60 | getInputStream(...) | user-provided value | +| TransformerTests.java:97:27:97:65 | new StreamSource(...) | TransformerTests.java:97:44:97:64 | getInputStream(...) : InputStream | TransformerTests.java:97:27:97:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:97:44:97:64 | getInputStream(...) | user-provided value | +| TransformerTests.java:98:23:98:61 | new StreamSource(...) | TransformerTests.java:98:40:98:60 | getInputStream(...) : InputStream | TransformerTests.java:98:23:98:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:98:40:98:60 | getInputStream(...) | user-provided value | +| TransformerTests.java:103:21:103:59 | new StreamSource(...) | TransformerTests.java:103:38:103:58 | getInputStream(...) : InputStream | TransformerTests.java:103:21:103:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:103:38:103:58 | getInputStream(...) | user-provided value | +| TransformerTests.java:116:21:116:59 | new StreamSource(...) | TransformerTests.java:116:38:116:58 | getInputStream(...) : InputStream | TransformerTests.java:116:21:116:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:116:38:116:58 | getInputStream(...) | user-provided value | +| TransformerTests.java:122:21:122:59 | new StreamSource(...) | TransformerTests.java:122:38:122:58 | getInputStream(...) : InputStream | TransformerTests.java:122:21:122:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:122:38:122:58 | getInputStream(...) | user-provided value | +| TransformerTests.java:129:21:129:59 | new StreamSource(...) | TransformerTests.java:129:38:129:58 | getInputStream(...) : InputStream | TransformerTests.java:129:21:129:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:129:38:129:58 | getInputStream(...) | user-provided value | +| TransformerTests.java:136:21:136:59 | new StreamSource(...) | TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:136:38:136:58 | getInputStream(...) | user-provided value | +| TransformerTests.java:141:18:141:70 | new SAXSource(...) | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:18:141:70 | new SAXSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:141:48:141:68 | getInputStream(...) | user-provided value | +| UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:16:34:16:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:56:34:56:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:63:34:63:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:70:18:70:55 | new InputSource(...) | XMLReaderTests.java:70:34:70:54 | getInputStream(...) : InputStream | XMLReaderTests.java:70:18:70:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:70:34:70:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:78:18:78:55 | new InputSource(...) | XMLReaderTests.java:78:34:78:54 | getInputStream(...) : InputStream | XMLReaderTests.java:78:18:78:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:78:34:78:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:86:34:86:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:94:34:94:54 | getInputStream(...) | user-provided value | +| XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:100:34:100:54 | getInputStream(...) | user-provided value | +| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | user-provided value | +| XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected index 2897a088743..6ab99919c33 100644 --- a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected @@ -17,4 +17,4 @@ nodes | Test.java:21:22:21:25 | data | semmle.label | data | subpaths #select -| Test.java:21:17:21:25 | (...)... | Test.java:11:28:11:36 | System.in : InputStream | Test.java:21:22:21:25 | data | $@ flows to here and is cast to a narrower type, potentially causing truncation. | Test.java:11:28:11:36 | System.in | User-provided value | +| Test.java:21:17:21:25 | (...)... | Test.java:11:28:11:36 | System.in : InputStream | Test.java:21:22:21:25 | data | This cast to a narrower type depends on a $@, potentially causing truncation. | Test.java:11:28:11:36 | System.in | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.expected b/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.expected index 3f175d1bf89..7d260698dc4 100644 --- a/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.expected +++ b/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.expected @@ -1,3 +1,3 @@ -| Test.java:17:3:17:21 | setWorldWritable(...) | A file is set to be world writable here, but is read from $@. | Test.java:18:3:18:13 | readFile(...) | statement | -| Test.java:23:3:23:51 | setPosixFilePermissions(...) | A file is set to be world writable here, but is read from $@. | Test.java:24:3:24:23 | readAllLines(...) | statement | -| Test.java:30:3:30:83 | setPosixFilePermissions(...) | A file is set to be world writable here, but is read from $@. | Test.java:31:3:31:25 | new FileInputStream(...) | statement | +| Test.java:17:3:17:21 | setWorldWritable(...) | This sets a file is as world writable, but is read from $@. | Test.java:18:3:18:13 | readFile(...) | statement | +| Test.java:23:3:23:51 | setPosixFilePermissions(...) | This sets a file is as world writable, but is read from $@. | Test.java:24:3:24:23 | readAllLines(...) | statement | +| Test.java:30:3:30:83 | setPosixFilePermissions(...) | This sets a file is as world writable, but is read from $@. | Test.java:31:3:31:25 | new FileInputStream(...) | statement | diff --git a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected index 10622bf7d90..2349a61216f 100644 --- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected +++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected @@ -5,4 +5,4 @@ nodes | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | semmle.label | ... + ... | subpaths #select -| TaintedPermissionsCheckTest.java:15:7:15:54 | isPermitted(...) | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | Permissions check uses user-controlled $@. | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) | data | +| TaintedPermissionsCheckTest.java:15:7:15:54 | isPermitted(...) | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | Permissions check depends on a $@. | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) | user-controlled value | diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml new file mode 100644 index 00000000000..928dc72a665 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql new file mode 100644 index 00000000000..9ba691685eb --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql @@ -0,0 +1,22 @@ +import java +import semmle.code.xml.AndroidManifest +import TestUtilities.InlineExpectationsTest + +class ContentProviderIncompletePermissionsTest extends InlineExpectationsTest { + ContentProviderIncompletePermissionsTest() { this = "ContentProviderIncompletePermissionsTest" } + + override string getARelevantTag() { result = "hasIncompletePermissions" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasIncompletePermissions" and + exists(AndroidProviderXmlElement provider | + provider.getLocation() = location and + provider.toString() = element and + value = "" + | + not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and + provider.hasIncompletePermissions() and + provider.isExported() + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml new file mode 100644 index 00000000000..61eca7c0825 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml @@ -0,0 +1,25 @@ + + + + + + + + diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll index 4b1a5778cc0..4464842bc38 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll @@ -151,7 +151,7 @@ private int getMaxChars() { result = 1000000 } */ string getBodyTokensFeature(Function function) { // Performance optimization: If a function has more than 256 body subtokens, then featurize it as - // absent. This approximates the behavior of the classifer on non-generic body features where + // absent. This approximates the behavior of the classifier on non-generic body features where // large body features are replaced by the absent token. // // We count nodes instead of tokens because tokens are often not unique. diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml index b437e4de0ba..45d58aae0aa 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-experimental-atm-lib -version: 0.3.4 +version: 0.3.6 extractor: javascript library: true groups: diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql index 8df29c69715..9ae36f2c834 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql @@ -2,7 +2,7 @@ * For internal use only. * * - * Count the number of sinks and alerts for the `NosqlInection` security query. + * Count the number of sinks and alerts for the `NosqlInjection` security query. */ import semmle.javascript.security.dataflow.NosqlInjectionQuery diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql index 2842c348381..55aade38fd5 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql @@ -2,7 +2,7 @@ * For internal use only. * * - * Count the number of sinks and alerts for the `SqlInection` security query. + * Count the number of sinks and alerts for the `SqlInjection` security query. */ import semmle.javascript.security.dataflow.SqlInjectionQuery diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql deleted file mode 100644 index 716702c27f1..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * NosqlInjection.ql - * - * Version of the standard NoSQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof NosqlInjection::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql deleted file mode 100644 index 38b2de667cf..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * NosqlInjectionATM.ql - * - * Version of the boosted NoSQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.NosqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql deleted file mode 100644 index 1db2d35bd75..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * NosqlInjectionATMLite.ql - * - * Arbitrarily ranked version of the boosted NoSQL injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.NosqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql deleted file mode 100644 index b0aab6dde4b..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * SqlInjection.ql - * - * Version of the standard SQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof SqlInjection::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql deleted file mode 100644 index da6dbe18972..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * SqlInjectionATM.ql - * - * Version of the boosted SQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.SqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql deleted file mode 100644 index 2d07af7a317..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * SqlInjectionATMLite.ql - * - * Arbitrarily ranked version of the boosted SQL injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.SqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql deleted file mode 100644 index ecf3238e980..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * TaintedPath.ql - * - * Version of the standard path injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof TaintedPath::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql deleted file mode 100644 index b4fc49a6eb6..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * TaintedPathATM.ql - * - * Version of the boosted path injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.TaintedPathATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql deleted file mode 100644 index 74ff55e72a6..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * TaintedPathATMLite.ql - * - * Arbitrarily ranked version of the boosted path injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.TaintedPathATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql deleted file mode 100644 index 4047fabdbec..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Xss.ql - * - * Version of the standard XSS query with an output relation ready to plug into the evaluation - * pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof DomBasedXss::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql deleted file mode 100644 index 2db5d017bb9..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * XssATM.ql - * - * Version of the boosted XSS query with an output relation ready to plug into the evaluation - * pipeline. - */ - -import javascript -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.XssATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql deleted file mode 100644 index 52f9ab68ea2..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql +++ /dev/null @@ -1,30 +0,0 @@ -/** - * XssATMLite.ql - * - * Arbitrarily ranked version of the boosted XSS query with an output relation ready to plug into - * the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint filters, - * and (b) as a baseline to compare the model against. - */ - -import javascript -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.XssATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql deleted file mode 100644 index 52885baec9b..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql +++ /dev/null @@ -1,25 +0,0 @@ -/* - * For internal use only. - * - * Extracts evaluation data we can use to evaluate ML models for ML-powered queries. - */ - -import javascript -import ExtractEndpointData as ExtractEndpointData - -query predicate endpoints( - DataFlow::Node endpoint, string queryName, string key, string value, string valueType -) { - ExtractEndpointData::endpoints(endpoint, queryName, key, value, valueType) and - // only select endpoints that are either Sink, NotASink or Unknown - ExtractEndpointData::endpoints(endpoint, queryName, "sinkLabel", ["Sink", "NotASink", "Unknown"], - "string") and - // do not select endpoints filtered out by end-to-end evaluation - ExtractEndpointData::endpoints(endpoint, queryName, "isExcludedFromEndToEndEvaluation", "false", - "boolean") -} - -query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) { - endpoints(endpoint, _, _, _, _) and - ExtractEndpointData::tokenFeatures(endpoint, featureName, featureValue) -} diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml index bb195f22f90..a09e499a7a9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml @@ -6,4 +6,4 @@ groups: - experimental dependencies: codeql/javascript-experimental-atm-lib: "*" - codeql/javascript-experimental-atm-model: "0.2.0" + codeql/javascript-experimental-atm-model: "0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d" diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml index 0942785b20a..743ea610e48 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/javascript-experimental-atm-queries language: javascript -version: 0.3.4 +version: 0.3.6 suites: codeql-suites defaultSuiteFile: codeql-suites/javascript-atm-code-scanning.qls groups: @@ -8,4 +8,4 @@ groups: - experimental dependencies: codeql/javascript-experimental-atm-lib: "*" - codeql/javascript-experimental-atm-model: "0.2.0" + codeql/javascript-experimental-atm-model: "0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d" diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected deleted file mode 100644 index 6a06015ed47..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected +++ /dev/null @@ -1,49956 +0,0 @@ -endpoints -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '

    ' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    ' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "
    ") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '
    • ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | sinkLabel | Unknown | string | -| index.js:1:20:1:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | sinkLabel | Sink | string | -| index.js:16:19:16:30 | "underscore" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | isConstantExpression | true | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | sinkLabel | Sink | string | -| index.js:17:16:17:30 | "child_process" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | isConstantExpression | true | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | sinkLabel | Sink | string | -| index.js:21:9:21:9 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | NosqlInjection | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | SqlInjection | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | TaintedPath | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | Xss | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | Xss | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | Xss | sinkLabel | NotASink | string | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| index.js:26:25:26:30 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | Xss | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | Xss | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | Xss | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | SqlInjection | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | SqlInjection | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | TaintedPath | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | TaintedPath | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | Xss | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | Xss | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | Xss | sinkLabel | Unknown | string | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string | -| index.js:29:26:29:29 | true | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | SqlInjection | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | SqlInjection | sinkLabel | Unknown | string | -| index.js:29:26:29:29 | true | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | TaintedPath | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | TaintedPath | sinkLabel | Unknown | string | -| index.js:29:26:29:29 | true | Xss | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | Xss | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | Xss | sinkLabel | Unknown | string | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | Xss | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | Xss | sinkLabel | NotASink | string | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | Xss | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | Xss | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | Xss | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | Xss | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | Xss | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | Xss | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | Xss | sinkLabel | Unknown | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | Xss | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | Xss | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | Xss | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | Xss | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | Xss | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | NosqlInjection | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | SqlInjection | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | TaintedPath | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | Xss | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | Xss | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | Xss | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | Xss | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | NosqlInjection | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | SqlInjection | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | TaintedPath | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | Xss | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | Xss | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | Xss | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | Xss | sinkLabel | NotASink | string | -tokenFeatures -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | CalleeFlexibleAccessPath | getCollection().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | CalleeFlexibleAccessPath | getCollection().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseModel().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | CalleeFlexibleAccessPath | getMongooseModel().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseQuery().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | CalleeFlexibleAccessPath | getMongooseQuery().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextSurroundingFunctionParameters | (fn) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextSurroundingFunctionParameters | (fn) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | CalleeFlexibleAccessPath | fn | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | CalleeFlexibleAccessPath | ajv.compile | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | calleeImports | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | receiverName | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | CalleeFlexibleAccessPath | checkSchema | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | calleeImports | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | fileImports | marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | calleeImports | minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | CalleeFlexibleAccessPath | query.body.title.substr | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | CalleeFlexibleAccessPath | client.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | CalleeFlexibleAccessPath | client.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | CalleeFlexibleAccessPath | client.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | CalleeFlexibleAccessPath | client.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputAccessPathFromCallee | 0.tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | assignedToPropName | tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | CalleeFlexibleAccessPath | importedDbo.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | CalleeFlexibleAccessPath | importedDbo.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | CalleeFlexibleAccessPath | importedDbo.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputAccessPathFromCallee | 0.tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | assignedToPropName | tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextSurroundingFunctionParameters | (params) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (params) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextSurroundingFunctionParameters | (queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 1.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputAccessPathFromCallee | 1.title.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputAccessPathFromCallee | 1.title.unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | assignedToPropName | unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputAccessPathFromCallee | 1.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | CalleeFlexibleAccessPath | Document.aggregate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | CalleeFlexibleAccessPath | Document.deleteMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | CalleeFlexibleAccessPath | Document.deleteOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | CalleeFlexibleAccessPath | Document.distinct | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | CalleeFlexibleAccessPath | Document.findOneAndDelete | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | CalleeFlexibleAccessPath | Document.findOneAndRemove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | CalleeFlexibleAccessPath | Document.replaceOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | CalleeFlexibleAccessPath | Document.updateOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | CalleeFlexibleAccessPath | Mongoose.Query | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | CalleeFlexibleAccessPath | Mongoose.Query().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | CalleeFlexibleAccessPath | Mongoose.Query().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | CalleeFlexibleAccessPath | Document.where | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | CalleeFlexibleAccessPath | Document.where().where | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | CalleeFlexibleAccessPath | Document.where().where().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | CalleeFlexibleAccessPath | Document.where().where().and().or | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | CalleeFlexibleAccessPath | Mongoose.createConnection().model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().model().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().models.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | CalleeFlexibleAccessPath | Mongoose.Query | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextSurroundingFunctionParameters | (X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | CalleeFlexibleAccessPath | C | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | CalleeFlexibleAccessPath | Document.deleteMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | CalleeFlexibleAccessPath | Document.deleteOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | CalleeFlexibleAccessPath | Document.geoSearch | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | CalleeFlexibleAccessPath | Document.remove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | CalleeFlexibleAccessPath | Document.replaceOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | CalleeFlexibleAccessPath | Document.findById | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndDelete | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndRemove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputAccessPathFromCallee | 0._id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | assignedToPropName | _id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputAccessPathFromCallee | 0._id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | assignedToPropName | _id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputAccessPathFromCallee | 0._id.$eq | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | assignedToPropName | $eq | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 1.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputAccessPathFromCallee | 1.title.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputAccessPathFromCallee | 1.title.unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | assignedToPropName | unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputAccessPathFromCallee | 1.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | CalleeFlexibleAccessPath | mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | fileImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | receiverName | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | CalleeFlexibleAccessPath | mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | fileImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | receiverName | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionBody | req res taint req params x db one taint res end | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionName | onRequest | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | CalleeFlexibleAccessPath | pgp | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | CalleeFlexibleAccessPath | db.any | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | CalleeFlexibleAccessPath | db.many | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | CalleeFlexibleAccessPath | db.manyOrNone | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | CalleeFlexibleAccessPath | db.map | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | CalleeFlexibleAccessPath | db.multi | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | CalleeFlexibleAccessPath | db.multiResult | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | CalleeFlexibleAccessPath | db.none | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | CalleeFlexibleAccessPath | db.oneOrNone | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | CalleeFlexibleAccessPath | db.query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | CalleeFlexibleAccessPath | db.result | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputAccessPathFromCallee | 0.values.id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputAccessPathFromCallee | 0.values.name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | assignedToPropName | name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputAccessPathFromCallee | 0.values.id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputAccessPathFromCallee | 0.values.name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | assignedToPropName | name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputAccessPathFromCallee | 0.values.title | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputAccessPathFromCallee | 0.cnd | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | assignedToPropName | cnd | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputArgumentIndex | 3 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputArgumentIndex | 4 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | CalleeFlexibleAccessPath | client.multi().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | CalleeFlexibleAccessPath | client.multi().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | CalleeFlexibleAccessPath | client.multi().set().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | CalleeFlexibleAccessPath | client.multi().set().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | CalleeFlexibleAccessPath | client.multi().set().set().get | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | CalleeFlexibleAccessPath | client.multi().set().set().get().exec | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextSurroundingFunctionParameters | (req, res)\n(err, replies) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | CalleeFlexibleAccessPath | client.duplicate | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | CalleeFlexibleAccessPath | newClient.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | receiverName | newClient | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | CalleeFlexibleAccessPath | newClient.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | receiverName | newClient | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | CalleeFlexibleAccessPath | client.duplicate().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | CalleeFlexibleAccessPath | client.duplicate().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | CalleeFlexibleAccessPath | promisify().bind | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | CalleeFlexibleAccessPath | setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | CalleeFlexibleAccessPath | client.setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | CalleeFlexibleAccessPath | client.setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | CalleeFlexibleAccessPath | client.unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | CalleeFlexibleAccessPath | client.unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | CalleeFlexibleAccessPath | promisify().bind | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | CalleeFlexibleAccessPath | unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | CalleeFlexibleAccessPath | unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | CalleeFlexibleAccessPath | io.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | calleeImports | socket.io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | receiverName | io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | CalleeFlexibleAccessPath | io.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | calleeImports | socket.io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | contextSurroundingFunctionParameters | (socket) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | receiverName | io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | CalleeFlexibleAccessPath | socket.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextSurroundingFunctionParameters | (socket) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | receiverName | socket | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | CalleeFlexibleAccessPath | socket.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | contextSurroundingFunctionParameters | (socket)\n(handle) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | receiverName | socket | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | CalleeFlexibleAccessPath | db.run | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextSurroundingFunctionParameters | (socket)\n(handle) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | CalleeFlexibleAccessPath | sql.Request().query | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | calleeImports | mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, results) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, results) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | receiverName | angular | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | receiverName | angular | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | CalleeFlexibleAccessPath | angular.module().controller | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | angular.module().controller | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionName | controller#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionName | controller#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | createServer | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | fileImports | fs http path url | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | receiverName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | CalleeFlexibleAccessPath | readFileSync | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionBody | req res path parse req url true query path res write readFileSync join public path | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionName | createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | fileImports | fs http path url | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | receiverName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | CalleeFlexibleAccessPath | path.indexOf | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | receiverName | angular | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | receiverName | angular | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | CalleeFlexibleAccessPath | angular.module().directive | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | assignedToPropName | templateUrl | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionBody | templateUrl SAFE | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive().directive | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | CalleeFlexibleAccessPath | angular.module().directive().directive | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | assignedToPropName | templateUrl | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionBody | templateUrl Cookie get unsafe | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | CalleeFlexibleAccessPath | Cookie.get | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionBody | templateUrl Cookie get unsafe | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | receiverName | Cookie | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | CalleeFlexibleAccessPath | addEventListener | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | CalleeFlexibleAccessPath | addEventListener | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextSurroundingFunctionParameters | (ev) | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | CalleeFlexibleAccessPath | fs.realpath | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionBody | req res path url parse req url true query path require send req path | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | calleeImports | send | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | CalleeFlexibleAccessPath | split.join | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | receiverName | split | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | CalleeFlexibleAccessPath | concatted.join | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | receiverName | concatted | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | CalleeFlexibleAccessPath | concatted2.join | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | receiverName | concatted2 | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | calleeImports | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionBody | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | CalleeFlexibleAccessPath | promisify | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | calleeImports | bluebird | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextSurroundingFunctionParameters | (obj, method) | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionBody | obj method obj method promisify fs method obj | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionName | methods.reduce#functionalargument | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | calleeImports | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextFunctionInterfaces | require(special) | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionName | require | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | fileImports | fs original-fs | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | receiverName | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextFunctionInterfaces | require(special) | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionName | require | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | fileImports | fs original-fs | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | receiverName | relative | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | receiverName | relativePath | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | CalleeFlexibleAccessPath | relativePath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | receiverName | relativePath | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | calleeImports | graceful-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | calleeImports | fs-extra | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | calleeImports | original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | calleeImports | ./my-fs-module | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionName | getFsModule | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionName | getFsModule | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | CalleeFlexibleAccessPath | util.promisify | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | calleeImports | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | receiverName | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | calleeImports | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | CalleeFlexibleAccessPath | import(!).promisify | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | CalleeFlexibleAccessPath | import(!).promisifyAll | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | calleeImports | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | calleeImports | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | calleeImports | parse-torrent | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | receiverName | page | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputAccessPathFromCallee | 0.path | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | assignedToPropName | path | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputAccessPathFromCallee | 0.format | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | assignedToPropName | format | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | CalleeFlexibleAccessPath | pages.?.screenshot | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | CalleeFlexibleAccessPath | pages.?.screenshot | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputAccessPathFromCallee | 0.path | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | assignedToPropName | path | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | CalleeFlexibleAccessPath | parts.join | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | receiverName | parts | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | calleeImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | receiverName | app | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | calleeImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | receiverName | app | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | receiverName | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionBody | req res m require req param module | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | receiverName | req | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputArgumentIndex | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | calleeImports | express | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | receiverName | app | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | calleeImports | express | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | receiverName | app | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | CalleeFlexibleAccessPath | path.substr | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | calleeImports | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | receiverName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | receiverName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | calleeImports | parse-torrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | receiverName | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputArgumentIndex | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | calleeImports | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | receiverName | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | calleeImports | fs | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | receiverName | fs | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | receiverName | http | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | stringConcatenatedWith | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | CalleeFlexibleAccessPath | res.render | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | assignedToPropName | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | calleeImports | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextFunctionInterfaces | exports(req, res) | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionBody | req res res render req 0 params 0 | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionName | exports | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | fileImports | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | receiverName | res | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (event) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (?) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | CalleeFlexibleAccessPath | window.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | receiverName | window | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | CalleeFlexibleAccessPath | window.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | receiverName | window | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | receiverName | foo | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | receiverName | foo | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputAccessPathFromCallee | 1.data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | assignedToPropName | data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputAccessPathFromCallee | 0.selector | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | assignedToPropName | selector | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputAccessPathFromCallee | 0.templateUrl | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | assignedToPropName | templateUrl | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputAccessPathFromCallee | 0.styleUrls | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | assignedToPropName | styleUrls | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.paramMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.queryParamMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | CalleeFlexibleAccessPath | this.route.paramMap.subscribe | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | CalleeFlexibleAccessPath | map.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | receiverName | map | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | CalleeFlexibleAccessPath | this.route.snapshot.url.1.parameterMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer2.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextSurroundingFunctionParameters | (routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionName | someMethod | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | CalleeFlexibleAccessPath | routeSnapshot.paramMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextSurroundingFunctionParameters | (routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionName | someMethod | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | stringConcatenatedWith | 'click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | 'click' | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | stringConcatenatedWith | 'click' | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | stringConcatenatedWith | 'A link | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '

    A link

    ' | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | stringConcatenatedWith | '

    A link

    ' | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | stringConcatenatedWith | '

    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    ' | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | stringConcatenatedWith | '
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | stringConcatenatedWith | -endpoint- location.toString() + '' | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | stringConcatenatedWith | '' + location.toString() -endpoint- | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | receiverName | document | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | receiverName | app | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | CalleeFlexibleAccessPath | req.param | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | receiverName | req | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | CalleeFlexibleAccessPath | JSDOM | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | calleeImports | jsdom | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextSurroundingFunctionParameters | (req, res)\n(err, decoded) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputAccessPathFromCallee | 1.data | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | assignedToPropName | data | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | contextSurroundingFunctionParameters | (data, xhr) | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextSurroundingFunctionParameters | (data, xhr) | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionBody | data xhr decoded jwt_decode data $ jGrowl decoded | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionName | $.post#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | receiverName | app | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | CalleeFlexibleAccessPath | nodemailer.createTransport | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | receiverName | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | receiverName | transport | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputAccessPathFromCallee | 0.from | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | assignedToPropName | from | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputAccessPathFromCallee | 0.to | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | assignedToPropName | to | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | CalleeFlexibleAccessPath | backend.getUserEmail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | calleeImports | ./backend | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | receiverName | backend | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputAccessPathFromCallee | 0.subject | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | assignedToPropName | subject | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.text | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | assignedToPropName | text | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | CalleeFlexibleAccessPath | createContext | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputAccessPathFromCallee | 0.root | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | assignedToPropName | root | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | calleeImports | react | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | receiverName | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | receiverName | app | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | CalleeFlexibleAccessPath | req.param | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | receiverName | req | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | CalleeFlexibleAccessPath | useContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | calleeImports | react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionBody | useContext MyContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionName | useMyContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | CalleeFlexibleAccessPath | root.appendChild | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionBody | root useMyContext root appendChild window name | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionName | useDoc1 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | receiverName | root | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | CalleeFlexibleAccessPath | root.appendChild | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionBody | root context root appendChild window name | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | receiverName | root | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionName | initialState | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionName | initialState | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionName | setStateValue | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionName | setStateValue | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextSurroundingFunctionParameters | ()\n(prev) | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionBody | state setState useState foo setState prev document body innerHTML prev setState window name | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionName | setStateValueSafe | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionName | setStateValueSafe | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | " escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "' + escapeHtml() + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | stringConcatenatedWith | '    ' + escapeHtml() + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | stringConcatenatedWith | ' escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | stringConcatenatedWith | '' + escapeHtml() -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | stringConcatenatedWith | -endpoint- escapeAttr() + '
    ' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML     escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | stringConcatenatedWith | '
    ' + escapeAttr() -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | CalleeFlexibleAccessPath | regex.test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | CalleeFlexibleAccessPath | regex.test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | CalleeFlexibleAccessPath | regex.exec | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | " something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "foobar' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | stringConcatenatedWith | 'foobar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | stringConcatenatedWith | ' something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | receiverName | href | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | " something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | stringConcatenatedWith | '" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | stringConcatenatedWith | 'foobar href indexOf " 1 $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | CalleeFlexibleAccessPath | href2.indexOf | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | receiverName | href2 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\nfoobar' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | stringConcatenatedWith | '\nfoobar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | stringConcatenatedWith | '\nfoobar href indexOf " 1 $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | CalleeFlexibleAccessPath | href3.indexOf | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | receiverName | href3 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n' + 'something' + '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | stringConcatenatedWith | '\r\n' + 'something' + '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | stringConcatenatedWith | '\r\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | stringConcatenatedWith | '\r\n' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | stringConcatenatedWith | '\r\n' + 'something' -endpoint- | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | CalleeFlexibleAccessPath | document.location.href.charCodeAt | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | receiverName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | CalleeFlexibleAccessPath | target.substring | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | receiverName | target | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | CalleeFlexibleAccessPath | window.location.search.substr | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | " document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "' | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | stringConcatenatedWith | '' | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | CalleeFlexibleAccessPath | document.location.href.indexOf | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    document location href substring document location href indexOf default= 8 document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | CalleeFlexibleAccessPath | parseInt | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | CalleeFlexibleAccessPath | params.get | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | receiverName | params | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | CalleeFlexibleAccessPath | target.substring | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | receiverName | target | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextSurroundingFunctionParameters | (target) | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionBody | target $ myId html target | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | stringConcatenatedWith | -endpoint- s + '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | stringConcatenatedWith | '
    ' + s -endpoint- | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | CalleeFlexibleAccessPath | s.substr | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionBody | s s s substr 1 | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionName | chop | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | receiverName | s | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionBody | s $ myId html s | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionName | dangerouslySetInnerHtml | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionBody | x x $ myId html x | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionName | forEach#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | CalleeFlexibleAccessPath | angular.module().service | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsUNKNOWN | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | CalleeFlexibleAccessPath | $other.trustAsHtml | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | receiverName | $other | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | CalleeFlexibleAccessPath | angular.module().service().service | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service().service | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | CalleeFlexibleAccessPath | angular.element().html | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().service().service().directive | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | CalleeFlexibleAccessPath | angular.module().service().service().directive | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | CalleeFlexibleAccessPath | element.html | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextSurroundingFunctionParameters | ()\n(scope, element) | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionBody | link scope element element html document location search element html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionName | directive#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | receiverName | element | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | CalleeFlexibleAccessPath | angular.module().service().service().directive().service | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service().service().directive().service | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionBody | angular element document location search angular element SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | CalleeFlexibleAccessPath | document.location.search.substr | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | CalleeFlexibleAccessPath | v.match | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | receiverName | v | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | CalleeFlexibleAccessPath | angular.module().factory | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSinkService1) | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | CalleeFlexibleAccessPath | angular.module().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSinkService2) | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML.__html | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | CalleeFlexibleAccessPath | React.createFactory | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML.__html | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextSurroundingFunctionParameters | ()\n()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | CalleeFlexibleAccessPath | super | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextSurroundingFunctionParameters | ()\n(props) | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | CalleeFlexibleAccessPath | range.selectNode | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | receiverName | range | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | CalleeFlexibleAccessPath | document.getElementsByTagName | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | CalleeFlexibleAccessPath | document.getElementsByTagName().item | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target length | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionName | test2 | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | CalleeFlexibleAccessPath | params.get | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | receiverName | params | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | CalleeFlexibleAccessPath | myUrl.get | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | receiverName | myUrl | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | CalleeFlexibleAccessPath | getUrl().hash.substring | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionName | hash | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | CalleeFlexibleAccessPath | this.html | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | CalleeFlexibleAccessPath | document.location.href.split | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | CalleeFlexibleAccessPath | window.location.hash.substr | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | CalleeFlexibleAccessPath | window.location.hash.match | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | CalleeFlexibleAccessPath | window.location.hash.split | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | CalleeFlexibleAccessPath | Bloodhound | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | CalleeFlexibleAccessPath | Bloodhound | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputAccessPathFromCallee | ?.prefetch | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | assignedToPropName | prefetch | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputAccessPathFromCallee | 1.source | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | assignedToPropName | source | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | InputAccessPathFromCallee | 1.templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | assignedToPropName | templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | InputAccessPathFromCallee | 1.templates.suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | assignedToPropName | suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | contextSurroundingFunctionParameters | ()\n(loc) | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextSurroundingFunctionParameters | ()\n(loc) | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputAccessPathFromCallee | 1.name | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | assignedToPropName | name | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | InputAccessPathFromCallee | 1.source | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | assignedToPropName | source | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | contextSurroundingFunctionParameters | ()\n(query, cb) | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | InputAccessPathFromCallee | 1.templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | assignedToPropName | templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | InputAccessPathFromCallee | 1.templates.suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | assignedToPropName | suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextSurroundingFunctionParameters | ()\n(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | stringConcatenatedWith | '
    ` | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | stringConcatenatedWith | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | stringConcatenatedWith | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | stringConcatenatedWith | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | stringConcatenatedWith | '
    ' + content -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | stringConcatenatedWith | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | CalleeFlexibleAccessPath | document.location.search.substring | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setInnerHTMLUnsafe | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setOuterHTMLUnsafe | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | CalleeFlexibleAccessPath | $().ready | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | CalleeFlexibleAccessPath | xhr.setRequestHeader | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | CalleeFlexibleAccessPath | xhr.setRequestHeader | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | receiverName | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputAccessPathFromCallee | 0.type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | assignedToPropName | type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputAccessPathFromCallee | 0.additionalProperties | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | assignedToPropName | additionalProperties | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputAccessPathFromCallee | 0.additionalProperties.type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | assignedToPropName | type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | receiverName | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | receiverName | app | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputAccessPathFromCallee | 0.prop | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | assignedToPropName | prop | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | CalleeFlexibleAccessPath | safe.call | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | receiverName | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe.call | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | receiverName | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | CalleeFlexibleAccessPath | foo.match | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | receiverName | foo | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionBody | req res unknown req params id e res send Exception: e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextSurroundingFunctionParameters | ()\n(resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextSurroundingFunctionParameters | ()\n(resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextSurroundingFunctionParameters | (tainted, resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextSurroundingFunctionParameters | (tainted, resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | CalleeFlexibleAccessPath | _.pick | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | receiverName | _ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | CalleeFlexibleAccessPath | _.pick | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | receiverName | _ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | CalleeFlexibleAccessPath | $.val | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | receiverName | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | receiverName | console | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | CalleeFlexibleAccessPath | log.info | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | receiverName | log | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | receiverName | localStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | CalleeFlexibleAccessPath | unified().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | CalleeFlexibleAccessPath | unified().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputAccessPathFromCallee | 1.title | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | assignedToPropName | title | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | CalleeFlexibleAccessPath | unified().use().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | CalleeFlexibleAccessPath | unified().use().use().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | CalleeFlexibleAccessPath | remark().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | calleeImports | remark | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | CalleeFlexibleAccessPath | remark().use().processSync | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | calleeImports | remark | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | CalleeFlexibleAccessPath | unified().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | assignedToPropName | html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | assignedToPropName | html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | CalleeFlexibleAccessPath | import(!)().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | CalleeFlexibleAccessPath | markdownIt2.render | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | receiverName | markdownIt2 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | CalleeFlexibleAccessPath | markdownIt.use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | receiverName | markdownIt | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | CalleeFlexibleAccessPath | markdownIt.use().render | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | CalleeFlexibleAccessPath | markdownIt.use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | receiverName | markdownIt | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | CalleeFlexibleAccessPath | markdownIt.use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionBody | req res err res statusCode 404 res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res statusCode 404 res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputAccessPathFromCallee | 0.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputAccessPathFromCallee | 0.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | CalleeFlexibleAccessPath | myFancyFunction | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | CalleeFlexibleAccessPath | import(!).createServer | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | calleeImports | http | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextSurroundingFunctionParameters | (req, resp) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | receiverName | resp | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | receiverName | resp | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputAccessPathFromCallee | 1.content-type | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | assignedToPropName | content-type | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | stringConcatenatedWith | '' -endpoint- | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | stringConcatenatedWith | '' -endpoint- | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | CalleeFlexibleAccessPath | value.charCodeAt | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | CalleeFlexibleAccessPath | s.chatAt | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionBody | s buf i s length ch s chatAt i ch & buf & < buf < " buf " buf ch buf | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionName | escapeHtml4 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | receiverName | s | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | CalleeFlexibleAccessPath | res.render | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | CalleeFlexibleAccessPath | res.render | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputAccessPathFromCallee | 1.id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | assignedToPropName | id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | CalleeFlexibleAccessPath | ?.exec | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionBody | req res url req params id /["'&<>]/ exec url res send url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | CalleeFlexibleAccessPath | ?.exec | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextSurroundingFunctionParameters | (str) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionBody | str /["'&<>]/ exec str str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | calleeImports | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | receiverName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | CalleeFlexibleAccessPath | app.use | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | calleeImports | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | receiverName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | receiverName | console | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | receiverName | console | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | CalleeFlexibleAccessPath | res.send | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextFunctionInterfaces | handler(req, res) | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionBody | req res res send req url | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionName | handler | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | fileImports | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | receiverName | res | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | CalleeFlexibleAccessPath | sendResponse.bind | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | receiverName | sendResponse | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | CalleeFlexibleAccessPath | sendResponse.bind | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | receiverName | sendResponse | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | CalleeFlexibleAccessPath | underscore.partial | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | calleeImports | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | receiverName | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | CalleeFlexibleAccessPath | underscore.partial | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | calleeImports | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | receiverName | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | CalleeFlexibleAccessPath | lodash.partial | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | calleeImports | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | receiverName | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | CalleeFlexibleAccessPath | lodash.partial | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | calleeImports | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | receiverName | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | CalleeFlexibleAccessPath | R.partial | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | calleeImports | ramda | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | receiverName | R | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | CalleeFlexibleAccessPath | R.partial | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | calleeImports | ramda | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | receiverName | R | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | CalleeFlexibleAccessPath | getFirst.bind | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | receiverName | getFirst | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | CalleeFlexibleAccessPath | getFirst.bind | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | receiverName | getFirst | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | CalleeFlexibleAccessPath | resolve | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | CalleeFlexibleAccessPath | resolve | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | CalleeFlexibleAccessPath | Promise().then | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then().then | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | calleeImports | http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | receiverName | http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | CalleeFlexibleAccessPath | files2.sort | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextSurroundingFunctionParameters | (files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | receiverName | files2 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | CalleeFlexibleAccessPath | files2.sort().forEach | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | stringConcatenatedWith | -endpoint- file + '
    • ' | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | stringConcatenatedWith | '
  • ' -endpoint- '
    • ' | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | stringConcatenatedWith | '
  • ' + file -endpoint- | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | CalleeFlexibleAccessPath | files1.forEach | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | contextSurroundingFunctionParameters | (req, res)\n(error, files1)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | receiverName | files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | calleeImports | parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionBody | req res torrent parseTorrent unknown name torrent name res send name | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | CalleeFlexibleAccessPath | define | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | stringConcatenatedWith | -endpoint- $.trim() + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | calleeImports | jquery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | CalleeFlexibleAccessPath | $.trim | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | calleeImports | jquery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | stringConcatenatedWith | '' + $.trim() -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | CalleeFlexibleAccessPath | document.createElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | calleeImports | markdown-it | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | assignedToPropName | html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | calleeImports | markdown-it | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | assignedToPropName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | stringConcatenatedWith | -endpoint- this.step + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | stringConcatenatedWith | '' + this.step -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | CalleeFlexibleAccessPath | this.each | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | stringConcatenatedWith | -endpoint- settings.name + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | stringConcatenatedWith | '' + settings.name -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | stringConcatenatedWith | '' + attrVal -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | stringConcatenatedWith | '' + attrVal.replace() -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | receiverName | attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | CalleeFlexibleAccessPath | attrVal.indexOf | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | receiverName | attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | stringConcatenatedWith | '' + attrVal -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | stringConcatenatedWith | -endpoint- obj.spanTemplate + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | stringConcatenatedWith | '' + obj.spanTemplate -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | CalleeFlexibleAccessPath | document.implementation.createHTMLDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | CalleeFlexibleAccessPath | $().appendTo | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | receiverName | console | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | CalleeFlexibleAccessPath | safe.has | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | receiverName | safe | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | InputAccessPathFromCallee | 0.menu | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | assignedToPropName | menu | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputAccessPathFromCallee | 0.target | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | assignedToPropName | target | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | InputAccessPathFromCallee | 1.my_plugin | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | assignedToPropName | my_plugin | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | stringConcatenatedWith | -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | stringConcatenatedWith | -endpoint- options.target + '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | stringConcatenatedWith | '
    ' + options.target -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | stringConcatenatedWith | -endpoint- ? | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | stringConcatenatedWith | '
    ' -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 |
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | stringConcatenatedWith | '
    ({ name: '' }) | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputAccessPathFromCallee | 0.mapPropsToValues | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | assignedToPropName | mapPropsToValues | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | InputAccessPathFromCallee | 0.validate | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | assignedToPropName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionBody | values $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionBody | values $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | InputAccessPathFromCallee | 0.handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | assignedToPropName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionBody | values setSubmitting $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionBody | values setSubmitting $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | CalleeFlexibleAccessPath | withFormik() | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextSurroundingFunctionParameters | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextSurroundingFunctionParameters | ()\n(values) | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n input type text name stooge \n | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionName | App | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextSurroundingFunctionParameters | ()\n(values) | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n input type text name stooge \n | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionName | App | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextSurroundingFunctionParameters | (e) | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionBody | e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionName | plainSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextSurroundingFunctionParameters | (e) | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionBody | e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionName | plainSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextSurroundingFunctionParameters | ()\n(data) | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextSurroundingFunctionParameters | ()\n(data) | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | CalleeFlexibleAccessPath | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | CalleeFlexibleAccessPath | register | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | CalleeFlexibleAccessPath | register | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputAccessPathFromCallee | 0.required | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | assignedToPropName | required | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionBody | register getValues useForm form \n input name name ref register \n button type button onClick values getValues $ #id html values name \n \n | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionName | HookForm2 | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionBody | register getValues useForm form \n input name name ref register \n button type button onClick values getValues $ #id html values name \n \n | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionName | HookForm2 | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | receiverName | document | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | CalleeFlexibleAccessPath | document.querySelector().addEventListener | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | CalleeFlexibleAccessPath | document.querySelector().addEventListener | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | receiverName | document | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputArgumentIndex | 1 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputAccessPathFromCallee | 0.foo | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | assignedToPropName | foo | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | CalleeFlexibleAccessPath | document.querySelectorAll | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | CalleeFlexibleAccessPath | document.getElementById().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | stringConcatenatedWith | -endpoint- something() + '

    ' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | stringConcatenatedWith | '

    ' -endpoint- '

    ' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | stringConcatenatedWith | '

    ' + something() -endpoint- | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | CalleeFlexibleAccessPath | $().get().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | CalleeFlexibleAccessPath | $().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | CalleeFlexibleAccessPath | $().find | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | CalleeFlexibleAccessPath | $().find().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | CalleeFlexibleAccessPath | $().find | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | CalleeFlexibleAccessPath | $().find().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | CalleeFlexibleAccessPath | $().prop | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | " something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "Section' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | stringConcatenatedWith | 'Section' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | stringConcatenatedWith | ' 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputAccessPathFromCallee | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 0 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 1 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | assignedToPropName | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | calleeImports | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextSurroundingFunctionParameters | () | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionName | ready | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | fileImports | child_process fs mongoose underscore | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | receiverName | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | stringConcatenatedWith | | -| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error | -| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:72:46:72 | x | InputAccessPathFromCallee | | -| index.js:46:72:46:72 | x | InputArgumentIndex | 1 | -| index.js:46:72:46:72 | x | InputArgumentIndex | 2 | -| index.js:46:72:46:72 | x | assignedToPropName | | -| index.js:46:72:46:72 | x | calleeImports | | -| index.js:46:72:46:72 | x | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:72:46:72 | x | contextSurroundingFunctionParameters | () | -| index.js:46:72:46:72 | x | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:72:46:72 | x | enclosingFunctionName | ready | -| index.js:46:72:46:72 | x | fileImports | child_process fs mongoose underscore | -| index.js:46:72:46:72 | x | receiverName | | -| index.js:46:72:46:72 | x | stringConcatenatedWith | | -| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error | -| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:75:46:75 | o | InputAccessPathFromCallee | | -| index.js:46:75:46:75 | o | InputArgumentIndex | 2 | -| index.js:46:75:46:75 | o | InputArgumentIndex | 3 | -| index.js:46:75:46:75 | o | assignedToPropName | | -| index.js:46:75:46:75 | o | calleeImports | | -| index.js:46:75:46:75 | o | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:75:46:75 | o | contextSurroundingFunctionParameters | () | -| index.js:46:75:46:75 | o | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:75:46:75 | o | enclosingFunctionName | ready | -| index.js:46:75:46:75 | o | fileImports | child_process fs mongoose underscore | -| index.js:46:75:46:75 | o | receiverName | | -| index.js:46:75:46:75 | o | stringConcatenatedWith | | -| index.js:50:15:50:19 | ready | CalleeFlexibleAccessPath | w.setTimeout | -| index.js:50:15:50:19 | ready | InputAccessPathFromCallee | | -| index.js:50:15:50:19 | ready | InputArgumentIndex | 0 | -| index.js:50:15:50:19 | ready | assignedToPropName | | -| index.js:50:15:50:19 | ready | calleeImports | | -| index.js:50:15:50:19 | ready | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:50:15:50:19 | ready | contextSurroundingFunctionParameters | () | -| index.js:50:15:50:19 | ready | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:50:15:50:19 | ready | enclosingFunctionName | ready | -| index.js:50:15:50:19 | ready | fileImports | child_process fs mongoose underscore | -| index.js:50:15:50:19 | ready | receiverName | w | -| index.js:50:15:50:19 | ready | stringConcatenatedWith | | -| index.js:50:22:50:23 | 10 | CalleeFlexibleAccessPath | w.setTimeout | -| index.js:50:22:50:23 | 10 | InputAccessPathFromCallee | | -| index.js:50:22:50:23 | 10 | InputArgumentIndex | 1 | -| index.js:50:22:50:23 | 10 | assignedToPropName | | -| index.js:50:22:50:23 | 10 | calleeImports | | -| index.js:50:22:50:23 | 10 | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:50:22:50:23 | 10 | contextSurroundingFunctionParameters | () | -| index.js:50:22:50:23 | 10 | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:50:22:50:23 | 10 | enclosingFunctionName | ready | -| index.js:50:22:50:23 | 10 | fileImports | child_process fs mongoose underscore | -| index.js:50:22:50:23 | 10 | receiverName | w | -| index.js:50:22:50:23 | 10 | stringConcatenatedWith | | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref deleted file mode 100644 index 546ff7249d3..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref +++ /dev/null @@ -1 +0,0 @@ -extraction/ExtractEndpointDataEvaluation.ql diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected deleted file mode 100644 index 23dece7ac94..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected +++ /dev/null @@ -1,530 +0,0 @@ -endpoints -| index.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| index.js:3:29:3:34 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | Xss | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | Xss | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | Xss | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | SqlInjection | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | SqlInjection | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | TaintedPath | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | TaintedPath | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | Xss | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | Xss | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | Xss | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | sinkLabel | Unknown | string | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | hasFlowFromSource | true | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | sinkLabel | Sink | string | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | sinkLabel | Unknown | string | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | sinkLabel | Unknown | string | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | sinkLabel | Unknown | string | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string | -| index.js:20:26:20:29 | true | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | SqlInjection | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | SqlInjection | sinkLabel | Unknown | string | -| index.js:20:26:20:29 | true | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | TaintedPath | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | TaintedPath | sinkLabel | Unknown | string | -| index.js:20:26:20:29 | true | Xss | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | Xss | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | Xss | sinkLabel | Unknown | string | -| index.js:24:13:24:22 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string | -| index.js:32:15:32:24 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | SqlInjection | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | TaintedPath | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | Xss | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | Xss | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | Xss | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | Xss | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | SqlInjection | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | TaintedPath | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | Xss | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | Xss | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | Xss | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | Xss | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | Xss | sinkLabel | NotASink | string | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | sinkLabel | Sink | string | -| index.js:78:30:78:39 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | SqlInjection | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | TaintedPath | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | Xss | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | Xss | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string | -tokenFeatures -| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| index.js:1:25:1:33 | "express" | assignedToPropName | | -| index.js:1:25:1:33 | "express" | calleeImports | | -| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| index.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| index.js:1:25:1:33 | "express" | enclosingFunctionName | | -| index.js:1:25:1:33 | "express" | fileImports | express mongoose | -| index.js:1:25:1:33 | "express" | receiverName | | -| index.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee | | -| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 | -| index.js:2:26:2:35 | 'mongoose' | assignedToPropName | | -| index.js:2:26:2:35 | 'mongoose' | calleeImports | | -| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody | | -| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName | | -| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose | -| index.js:2:26:2:35 | 'mongoose' | receiverName | | -| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith | | -| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model | -| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee | | -| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 | -| index.js:3:29:3:34 | 'User' | assignedToPropName | | -| index.js:3:29:3:34 | 'User' | calleeImports | mongoose | -| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters | | -| index.js:3:29:3:34 | 'User' | enclosingFunctionBody | | -| index.js:3:29:3:34 | 'User' | enclosingFunctionName | | -| index.js:3:29:3:34 | 'User' | fileImports | express mongoose | -| index.js:3:29:3:34 | 'User' | receiverName | mongoose | -| index.js:3:29:3:34 | 'User' | stringConcatenatedWith | | -| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model | -| index.js:3:37:3:40 | null | InputAccessPathFromCallee | | -| index.js:3:37:3:40 | null | InputArgumentIndex | 1 | -| index.js:3:37:3:40 | null | assignedToPropName | | -| index.js:3:37:3:40 | null | calleeImports | mongoose | -| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters | | -| index.js:3:37:3:40 | null | enclosingFunctionBody | | -| index.js:3:37:3:40 | null | enclosingFunctionName | | -| index.js:3:37:3:40 | null | fileImports | express mongoose | -| index.js:3:37:3:40 | null | receiverName | mongoose | -| index.js:3:37:3:40 | null | stringConcatenatedWith | | -| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post | -| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee | | -| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 | -| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName | | -| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express | -| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () | -| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink | -| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose | -| index.js:8:12:8:21 | '/isAdmin' | receiverName | app | -| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith | | -| index.js:8:24:10:3 | (req, r ... });\\n } | CalleeFlexibleAccessPath | app.post | -| index.js:8:24:10:3 | (req, r ... });\\n } | InputAccessPathFromCallee | | -| index.js:8:24:10:3 | (req, r ... });\\n } | InputArgumentIndex | 1 | -| index.js:8:24:10:3 | (req, r ... });\\n } | assignedToPropName | | -| index.js:8:24:10:3 | (req, r ... });\\n } | calleeImports | express | -| index.js:8:24:10:3 | (req, r ... });\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:8:24:10:3 | (req, r ... });\\n } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionName | flowFromSourceToSink | -| index.js:8:24:10:3 | (req, r ... });\\n } | fileImports | express mongoose | -| index.js:8:24:10:3 | (req, r ... });\\n } | receiverName | app | -| index.js:8:24:10:3 | (req, r ... });\\n } | stringConcatenatedWith | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find | -| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 | -| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose | -| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink | -| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose | -| index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User | -| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith | | -| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find | -| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 | -| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose | -| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink | -| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose | -| index.js:9:28:9:43 | req.body.isAdmin | receiverName | | -| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith | | -| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post | -| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee | | -| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 | -| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName | | -| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express | -| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () | -| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose | -| index.js:14:12:14:21 | '/isAdmin' | receiverName | app | -| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | CalleeFlexibleAccessPath | app.post | -| index.js:14:24:16:3 | (req, r ... n);\\n } | InputAccessPathFromCallee | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | InputArgumentIndex | 1 | -| index.js:14:24:16:3 | (req, r ... n);\\n } | assignedToPropName | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | calleeImports | express | -| index.js:14:24:16:3 | (req, r ... n);\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:14:24:16:3 | (req, r ... n);\\n } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:14:24:16:3 | (req, r ... n);\\n } | fileImports | express mongoose | -| index.js:14:24:16:3 | (req, r ... n);\\n } | receiverName | app | -| index.js:14:24:16:3 | (req, r ... n);\\n } | stringConcatenatedWith | | -| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log | -| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee | | -| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 | -| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName | | -| index.js:15:17:15:32 | req.body.isAdmin | calleeImports | | -| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose | -| index.js:15:17:15:32 | req.body.isAdmin | receiverName | console | -| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith | | -| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find | -| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee | | -| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 | -| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName | | -| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose | -| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () | -| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true | -| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource | -| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose | -| index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User | -| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith | | -| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find | -| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin | -| index.js:20:26:20:29 | true | InputArgumentIndex | 0 | -| index.js:20:26:20:29 | true | assignedToPropName | isAdmin | -| index.js:20:26:20:29 | true | calleeImports | mongoose | -| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () | -| index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true | -| index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource | -| index.js:20:26:20:29 | true | fileImports | express mongoose | -| index.js:20:26:20:29 | true | receiverName | | -| index.js:20:26:20:29 | true | stringConcatenatedWith | | -| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find | -| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee | | -| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 | -| index.js:24:13:24:22 | "constant" | assignedToPropName | | -| index.js:24:13:24:22 | "constant" | calleeImports | mongoose | -| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () | -| index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant | -| index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression | -| index.js:24:13:24:22 | "constant" | fileImports | express mongoose | -| index.js:24:13:24:22 | "constant" | receiverName | User | -| index.js:24:13:24:22 | "constant" | stringConcatenatedWith | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith | | -| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log | -| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee | | -| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 | -| index.js:32:15:32:24 | "someData" | assignedToPropName | | -| index.js:32:15:32:24 | "someData" | calleeImports | | -| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () | -| index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData | -| index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink | -| index.js:32:15:32:24 | "someData" | fileImports | express mongoose | -| index.js:32:15:32:24 | "someData" | receiverName | console | -| index.js:32:15:32:24 | "someData" | stringConcatenatedWith | | -| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith | -| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee | | -| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 | -| index.js:36:20:36:22 | "a" | assignedToPropName | | -| index.js:36:20:36:22 | "a" | calleeImports | | -| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () | -| index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a | -| index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons | -| index.js:36:20:36:22 | "a" | fileImports | express mongoose | -| index.js:36:20:36:22 | "a" | receiverName | | -| index.js:36:20:36:22 | "a" | stringConcatenatedWith | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find | -| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 | -| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose | -| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () | -| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody | -| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose | -| index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User | -| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith | | -| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log | -| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee | | -| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 | -| index.js:78:30:78:39 | "someData" | assignedToPropName | | -| index.js:78:30:78:39 | "someData" | calleeImports | | -| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () | -| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData | -| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument | -| index.js:78:30:78:39 | "someData" | fileImports | express mongoose | -| index.js:78:30:78:39 | "someData" | receiverName | console | -| index.js:78:30:78:39 | "someData" | stringConcatenatedWith | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | CalleeFlexibleAccessPath | $.ajax | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputAccessPathFromCallee | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputArgumentIndex | 0 | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | assignedToPropName | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeImports | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextSurroundingFunctionParameters | (foo) | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | fileImports | express mongoose | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | stringConcatenatedWith | | -| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax | -| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url | -| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 | -| index.js:84:12:84:18 | foo.bar | assignedToPropName | url | -| index.js:84:12:84:18 | foo.bar | calleeImports | | -| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) | -| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar | -| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink | -| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose | -| index.js:84:12:84:18 | foo.bar | receiverName | | -| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith | | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref deleted file mode 100644 index 546ff7249d3..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref +++ /dev/null @@ -1 +0,0 @@ -extraction/ExtractEndpointDataEvaluation.ql diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index d85a14dca02..de3424c2f4d 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.3.1 + +### Minor Analysis Improvements + +- Several of the SQL and NoSQL library models have improved, leading to more results for the `js/sql-injection` query, + and in some cases the `js/missing-rate-limiting` query. + ## 0.3.0 ### Breaking Changes diff --git a/javascript/ql/lib/change-notes/2022-09-06-type-defs-squashed.md b/javascript/ql/lib/change-notes/released/0.3.1.md similarity index 80% rename from javascript/ql/lib/change-notes/2022-09-06-type-defs-squashed.md rename to javascript/ql/lib/change-notes/released/0.3.1.md index 9e628b394dc..81c8ef9fcff 100644 --- a/javascript/ql/lib/change-notes/2022-09-06-type-defs-squashed.md +++ b/javascript/ql/lib/change-notes/released/0.3.1.md @@ -1,6 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.3.1 + +### Minor Analysis Improvements - Several of the SQL and NoSQL library models have improved, leading to more results for the `js/sql-injection` query, and in some cases the `js/missing-rate-limiting` query. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 95f6e3a0ba6..bb106b1cb63 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.0 +lastReleaseVersion: 0.3.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 0cf4b33407a..d5442a13f13 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.3.1-dev +version: 0.3.2-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index d79bb6eff4a..7fd3952ac85 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -93,6 +93,9 @@ module Actions { /** Gets the value of the `if` field in this job, if any. */ JobIf getIf() { result.getJob() = this } + + /** Gets the value of the `runs-on` field in this job. */ + JobRunson getRunsOn() { result.getJob() = this } } /** @@ -108,6 +111,19 @@ module Actions { Job getJob() { result = job } } + /** + * A `runs-on` within a job. + * See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on. + */ + class JobRunson extends YamlNode, YamlScalar { + Job job; + + JobRunson() { job.lookup("runs-on") = this } + + /** Gets the step this field belongs to. */ + Job getJob() { result = job } + } + /** * A step within an Actions job. * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idsteps. diff --git a/javascript/ql/lib/semmle/javascript/JSX.qll b/javascript/ql/lib/semmle/javascript/JSX.qll index f89f02abb54..9343d1f4f5c 100644 --- a/javascript/ql/lib/semmle/javascript/JSX.qll +++ b/javascript/ql/lib/semmle/javascript/JSX.qll @@ -70,7 +70,7 @@ class JsxElement extends JsxNode { override string getAPrimaryQlClass() { result = "JsxElement" } /** - * Holds if this JSX element is a HTML element. + * Holds if this JSX element is an HTML element. * That is, the name starts with a lowercase letter. */ predicate isHtmlElement() { getName().regexpMatch("[a-z].*") } diff --git a/javascript/ql/lib/semmle/javascript/PrintAst.qll b/javascript/ql/lib/semmle/javascript/PrintAst.qll index 29b1d619016..a4d71362818 100644 --- a/javascript/ql/lib/semmle/javascript/PrintAst.qll +++ b/javascript/ql/lib/semmle/javascript/PrintAst.qll @@ -161,7 +161,7 @@ private module PrintJavaScript { /** * A print node representing an `ASTNode`. * - * Provides a default implemention that works for some (but not all) ASTNode's. + * Provides a default implementation that works for some (but not all) ASTNode's. * More specific subclasses can override this class to get more specific behavior. * * The more specific subclasses are mostly used aggregate the children of the `ASTNode`. diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 5147bcf7f2a..2e7a9dd4f34 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -711,13 +711,31 @@ module TaintTracking { } } + /** + * Gets a local source of any part of the input to the given stringification `call`. + */ + pragma[nomagic] + private DataFlow::Node getAJsonLocalInput(JsonStringifyCall call) { + result = call.getInput() + or + exists(DataFlow::SourceNode source | + source = pragma[only_bind_out](getAJsonLocalInput(call)).getALocalSource() + | + result = source.getAPropertyWrite().getRhs() + or + result = source.(DataFlow::ObjectLiteralNode).getASpreadProperty() + or + result = source.(DataFlow::ArrayCreationNode).getASpreadArgument() + ) + } + /** * A taint propagating data flow edge arising from JSON unparsing. */ private class JsonStringifyTaintStep extends SharedTaintStep { override predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { exists(JsonStringifyCall call | - pred = call.getArgument(0) and + pred = getAJsonLocalInput(call) and succ = call ) } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index f570c9d3a38..1453f995433 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -671,7 +671,7 @@ module ClientRequest { } /** - * Gets the response type corresponding to `getReponse()` but not + * Gets the response type corresponding to `getResponse()` but not * for explicitly typed calls like `getResponseJson()`. */ string getAssignedResponseType() { diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll b/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll index 3a5ef400801..1adaed5b439 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll @@ -7,7 +7,7 @@ import javascript /** * Provides classes implementing data-flow for Immutable. * - * The implemention rely on the flowsteps implemented in `Collections.qll`. + * The implementation rely on the flowsteps implemented in `Collections.qll`. */ private module Immutable { /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll index 635ec55e916..9b2428f3413 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll @@ -544,7 +544,7 @@ private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath) { } /** Gets the node identified by the given `(package, type, path)` tuple. */ -API::Node getNodeFromPath(string package, string type, AccessPath path) { +private API::Node getNodeFromPath(string package, string type, AccessPath path) { result = getNodeFromPath(package, type, path, path.getNumToken()) } @@ -567,7 +567,9 @@ private predicate typeStep(API::Node pred, API::Node succ) { * * Unlike `getNodeFromPath`, the `path` may end with one or more call-site filters. */ -Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path, int n) { +private Specific::InvokeNode getInvocationFromPath( + string package, string type, AccessPath path, int n +) { result = Specific::getAnInvocationOf(getNodeFromPath(package, type, path, n)) or result = getInvocationFromPath(package, type, path, n - 1) and @@ -575,7 +577,7 @@ Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPa } /** Gets an invocation identified by the given `(package, type, path)` tuple. */ -Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path) { +private Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path) { result = getInvocationFromPath(package, type, path, path.getNumToken()) } @@ -583,7 +585,7 @@ Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPa * Holds if `name` is a valid name for an access path token in the identifying access path. */ bindingset[name] -predicate isValidTokenNameInIdentifyingAccessPath(string name) { +private predicate isValidTokenNameInIdentifyingAccessPath(string name) { name = ["Argument", "Parameter", "ReturnValue", "WithArity", "TypeVar"] or Specific::isExtraValidTokenNameInIdentifyingAccessPath(name) @@ -594,7 +596,7 @@ predicate isValidTokenNameInIdentifyingAccessPath(string name) { * in an identifying access path. */ bindingset[name] -predicate isValidNoArgumentTokenInIdentifyingAccessPath(string name) { +private predicate isValidNoArgumentTokenInIdentifyingAccessPath(string name) { name = "ReturnValue" or Specific::isExtraValidNoArgumentTokenInIdentifyingAccessPath(name) @@ -605,7 +607,7 @@ predicate isValidNoArgumentTokenInIdentifyingAccessPath(string name) { * in an identifying access path. */ bindingset[name, argument] -predicate isValidTokenArgumentInIdentifyingAccessPath(string name, string argument) { +private predicate isValidTokenArgumentInIdentifyingAccessPath(string name, string argument) { name = ["Argument", "Parameter"] and argument.regexpMatch("(N-|-)?\\d+(\\.\\.((N-|-)?\\d+)?)?") or @@ -622,51 +624,61 @@ predicate isValidTokenArgumentInIdentifyingAccessPath(string name, string argume * Module providing access to the imported models in terms of API graph nodes. */ module ModelOutput { - /** - * Holds if a CSV source model contributed `source` with the given `kind`. - */ - API::Node getASourceNode(string kind) { - exists(string package, string type, string path | - sourceModel(package, type, path, kind) and - result = getNodeFromPath(package, type, path) - ) + cached + private module Cached { + /** + * Holds if a CSV source model contributed `source` with the given `kind`. + */ + cached + API::Node getASourceNode(string kind) { + exists(string package, string type, string path | + sourceModel(package, type, path, kind) and + result = getNodeFromPath(package, type, path) + ) + } + + /** + * Holds if a CSV sink model contributed `sink` with the given `kind`. + */ + cached + API::Node getASinkNode(string kind) { + exists(string package, string type, string path | + sinkModel(package, type, path, kind) and + result = getNodeFromPath(package, type, path) + ) + } + + /** + * Holds if a relevant CSV summary exists for these parameters. + */ + cached + predicate relevantSummaryModel( + string package, string type, string path, string input, string output, string kind + ) { + isRelevantPackage(package) and + summaryModel(package, type, path, input, output, kind) + } + + /** + * Holds if a `baseNode` is an invocation identified by the `package,type,path` part of a summary row. + */ + cached + predicate resolvedSummaryBase( + string package, string type, string path, Specific::InvokeNode baseNode + ) { + summaryModel(package, type, path, _, _, _) and + baseNode = getInvocationFromPath(package, type, path) + } + + /** + * Holds if `node` is seen as an instance of `(package,type)` due to a type definition + * contributed by a CSV model. + */ + cached + API::Node getATypeNode(string package, string type) { result = getNodeFromType(package, type) } } - /** - * Holds if a CSV sink model contributed `sink` with the given `kind`. - */ - API::Node getASinkNode(string kind) { - exists(string package, string type, string path | - sinkModel(package, type, path, kind) and - result = getNodeFromPath(package, type, path) - ) - } - - /** - * Holds if a relevant CSV summary exists for these parameters. - */ - predicate relevantSummaryModel( - string package, string type, string path, string input, string output, string kind - ) { - isRelevantPackage(package) and - summaryModel(package, type, path, input, output, kind) - } - - /** - * Holds if a `baseNode` is an invocation identified by the `package,type,path` part of a summary row. - */ - predicate resolvedSummaryBase( - string package, string type, string path, Specific::InvokeNode baseNode - ) { - summaryModel(package, type, path, _, _, _) and - baseNode = getInvocationFromPath(package, type, path) - } - - /** - * Holds if `node` is seen as an instance of `(package,type)` due to a type definition - * contributed by a CSV model. - */ - API::Node getATypeNode(string package, string type) { result = getNodeFromType(package, type) } + import Cached /** * Gets an error message relating to an invalid CSV row in a model. diff --git a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll index d3ed011b739..95bfbeeeb5d 100644 --- a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about bad tag filter vulnerabilities. + * Provides predicates for reasoning about bad tag filter vulnerabilities. */ import regexp.RegexpMatching @@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) { regexp.matches("") and exists(int a, int b | a != b | regexp.fillsCaptureGroup("", a) and - // might be ambigously parsed (matching both capture groups), and that is ok here. + // might be ambiguously parsed (matching both capture groups), and that is ok here. regexp.fillsCaptureGroup("", b) and not regexp.fillsCaptureGroup("", a) and msg = @@ -87,7 +87,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) { not regexp.fillsCaptureGroup("

  • OSWAP: Insecure Temporary File.